John Kristoff::jtk

Software

query2db - Sample skeleton code for injecting BIND query log data into a MySQL database. This script is placed into the public domain. Updated 2006-06-02.
Unix script source: query2db

IP::Anonymous - Perl module port of Crypto-PAn to provide anonymous IP addresses. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. Updated 2005-11-09.
Perl source: IP-Anonymous-0.04.tar.gz
MD5 hash: IP-Anonymous-0.04.tar.gz.md5
PGP signature: IP-Anonymous-0.04.tar.gz.asc

mcastsum - Perl script to summarize multicast state (IGMP, PIM and MSDP) in a router. This script is placed into the public domain. Updated 2005-10-20.
Unix script source: mcastsum

sshdict - Perl script to parse logs to discern when a remote SSH brute force break-in has been attempted. Using a simple scoring system based on the log message and the number of times an attacker attempts a login, the script outputs the source IP address and most recent timestamp of each attempt. This script is placed into the public domain. Updated 2007-10-19.
Unix script source: sshdict

bhrs - Perl CGI script to manage black hole routes between a MySQL database and a Cisco route server. Currently a beta prototype. Requires specific route server, MySQL and variable configuration. Contact me for details and licensing information. Updated 2005-02-20.
Unix script source: bhrs

querywatch - Perl script that matches BIND 9 query logs based on configured A RR query strings. Can be run in either sampled or express mode. The script is placed into the public domain. Updated 2005-01-18.
Perl script source: querywatch

dnswatch - Perl script that monitors hostnames for IP address mapping changes. This script is placed into the public domain. Updated 2004-09-01.
Perl script source: dnswatch

cislog - Cisco SYSLOG message summarization and reporting tool. Version 1.2 released 2004-06-16.
Perl source: cislog-1.2.tar.gz
MD5 hash: cislog-1.2.tar.gz.md5
PGP signature: cislog-1.2.tar.gz.asc

ios-ifcheck - Perl script that checks for the existence of interface options in a stored IOS configuration file. This script is placed into the public domain. Updated 2004-06-10.
Perl script source: ios-ifcheck

acl-abandoned - UNIX-based shell script that lists ACLs/route-maps not in use on Cisco IOS configs. This script is placed into the public domain. Updated 2005-06-03.
UNIX shell script source: acl-abandoned

acl-missing - UNIX-based shell script that lists interfaces that have an ingress or egress ACL set, but where the ACL is not defined on Cisco IOS configs. This script is placed into the public domain. Updated 2005-01-10.
UNIX shell script source: acl-missing

acl-usage - UNIX-based shell script that lists ACLs/route-maps not in use on Cisco IOS configs. This script is placed into the public domain. Updated 2004-02-03. NOTE: this script has been superseded by acl-abandoned.
UNIX shell script source: acl-usage

ios-ipnames - Perl script that checks for reverse DNS records of the IPv4 addresses on interfaces in stored Cisco IOS configs. This script is placed into the public domain. Updated 2004-01-13.
Perl script source: ios-ipnames

named-report - ISC BIND 9 named log message summary and report tool. Version 1.4 released 2003-12-01.
Perl source: named-report-1.4.tar.gz
MD5 hash: named-report.1.4.tar.gz.md5
PGP signature: named-report-1.4.tar.gz.asc