RID is a configurable tool which uses intrusion fingerprints to track down

compromised hosts.  RID can remotely detect Stacheldraht, TFN, Trinoo and TFN2k
if the attacker did not change the default ports.

1 files changed, 12 insertions, 0 deletions

diff --git a/security/rid/pkg-descr b/security/rid/pkg-descr
new file mode 100644
index 000000000000..7621341b0587
--- /dev/null
+++ b/security/rid/pkg-descr
@@ -0,0 +1,12 @@
+RID - Remote Intrusion Detection
+--------------------------------
+RID is a configurable tool which uses intrusion fingerprints to track down
+compromised hosts.  RID can remotely detect Stacheldraht, TFN, Trinoo and TFN2k
+if the attacker did not change the default ports.
+
+After a compromise, this information can often be turned into a "fingerprint"
+of the intrusion.  RID is designed to be capable of accurately specifying this
+"fingerprint" with little knowledge of network programming.
+
+RID is based off an extension of ngrep (network grep).  It is different because
+it extends ngrep into a probing tool.