Network Socket Inode Validation (NSIV) is a rule-based
utility intended to aid in validating inodes against each
LISTEN socket on a system. The need for this app arises because
rogue binaries can easily hijack a user, program privileges, or
work space, and use them to kill the old service and execute
a new service on the known port of the service they crashed.
The best-known example of this trend is content uploaded to a 'tmp' path
via PHP remote include exploits, which is executed, crashes the
web server and starts a rogue httpd process, and other such items.

A simple structure of validation is used by NSIV to verify the integrity
of services on a given system. The rules system has 3 required variables:
the first is a declared PORT value on which the service is known
to operate, the second is the BIN value, which is simply the path
to your service's executed binary, and the third is the RST
value, which points to an init script or similar and must include
a restart flag or similar.

Thereafter NSIV determines the running PID of your BIN, the current
inode of your BIN, and then the current inode that is binding
your declared PORT for that service. If the listening inode differs
from the BIN inode value, we assume the service has
been hijacked or similar; the PID is killed and RST executed.
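
One way to perform the PORT/BIN comparison described above on Linux, as an added example that is not NSIV's own code: it only reports and never kills a PID or runs RST. It assumes the listener is resolved through /proc (socket inode from net/tcp, owning PID from its fd links, then that PID's exe inode against BIN); the function names and the constructed sample tree are hypothetical.

```bash
# Added example, not NSIV's code: detection-only sketch (no kill, no RST).
# Function names and the PROC-root parameter are assumptions for illustration.

# Socket inode of the LISTEN (state 0A) socket bound to PORT.
listen_inode() {            # usage: listen_inode PROC PORT
    local f hexport
    hexport=$(printf '%04X' "$2")
    for f in "$1/net/tcp" "$1/net/tcp6"; do
        if [ -r "$f" ]; then
            awk -v p="$hexport" 'NR > 1 && $4 == "0A" {
                n = split($2, a, ":"); if (a[n] == p) print $10 }' "$f"
        fi
    done | head -n 1
}

# PID whose fd table holds a link to socket:[INODE].
socket_owner() {            # usage: socket_owner PROC INODE
    local fd
    for fd in "$1"/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$2]" ]; then
            fd=${fd#"$1"/}; echo "${fd%%/*}"; return 0
        fi
    done
    return 1
}

# Returns 0 = listener runs BIN, 1 = mismatch, 2 = nothing to compare.
check_service() {           # usage: check_service PROC PORT BIN
    local sock pid want have
    sock=$(listen_inode "$1" "$2")
    [ -n "$sock" ] || { echo "port $2: no listener"; return 2; }
    pid=$(socket_owner "$1" "$sock") || { echo "port $2: owner not visible"; return 2; }
    # device:inode, since inode numbers are only unique within one filesystem
    want=$(stat -L -c '%d:%i' "$3" 2>/dev/null) || want=""
    have=$(stat -L -c '%d:%i' "$1/$pid/exe" 2>/dev/null) || have=""
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
        echo "port $2: ok pid=$pid"; return 0
    fi
    echo "port $2: MISMATCH pid=$pid exe=$(readlink "$1/$pid/exe")"; return 1
}

# Constructed sample: fake /proc where PID 4242 listens on port 80 and runs EXE.
demo_tree() {               # usage: demo_tree DIR EXE
    mkdir -p "$1/net" "$1/4242/fd"
    printf '%s\n' '  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode' \
        '   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31337 1 0000000000000000 100 0 0 10 0' > "$1/net/tcp"
    ln -sfn 'socket:[31337]' "$1/4242/fd/3"; ln -sfn "$2" "$1/4242/exe"
}

if [ "$#" -eq 2 ]; then check_service /proc "$1" "$2"; fi
```

Run with a port and a binary path as the two arguments to check the live /proc; without root, sockets owned by other users are reported as "owner not visible".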

Download the current release of NSIV distributed
under the GNU GENERAL PUBLIC LICENSE:
- http://www.r-fx.ca/downloads/nsiv-current.tar.gz

All projects on rfxnetworks.com are free for use and distribution
in accordance with the GNU GPL. Funding
for the continued development of, and research into, this and other projects
is solely dependent on public contributions and donations. If this
is your first time using this software, we ask that you evaluate
it and consider a small donation;
for those who are frequent and continued users of this and other
projects, we also ask that you make an occasional small donation
to help ensure the future of our public projects.

Documents:
- http://www.rfxnetworks.com/appdocs/README.nsiv
Version History:
- http://www.rfxnetworks.com/appdocs/CHANGELOG.nsiv