Bill Stearns' web site

Thanks for showing up! This is one of the mirror sites holding my software. The packages here are either ones I've written or ones I package for someone else ("RPMs" in the description).

Please note that these are not all complete packages. Some of them are simple scripts that I use, with little in the way of documentation or installation routines.

Software packages

For a complete list of all files, see filelist.html.

If you'd only like the most current rpms of the software I write, see neweststable.

apply-quilt-patches Applies all the patches in a quilt collection to a source tree.
apptrace This straces any app, however it's called. Useful for daemons, startup scripts and any tools you don't call directly. See doc/apptrace.v0.1.html for an article on its use.
askfirst Shell function to ask the user if they want to run a particular command. Handles sudo.
blockrules Create iptables, ipchains, ipfwadm, IOS, ipfilter, and snort block rules for specified traffic. Can be run as a cgi script; see for a demo.
buildkernel This builds a linux kernel from scratch.
checkformail / mail Mail handling scripts and info.
defragfile (Untested) script for defragmenting files on a Linux system.
detectlib This library and associated frontends detect and remove worms from a Linux system. Adorefind, Ramenfind, XCfind and Lionfind are here.
dibs Perl script that sends a second copy of all icmp unreachables to a collector machine. Designed for the DIBS project, a project that detects worm activity from the unreachables caused by worms probing for non-existant machines.
diffsplit Breaks up diffs/patches into their component files.
dns-check A script that compares dns records to stored copies. Allows you to verify that your dns servers are not handing out incorrect data.
doc Here are the (generally security related) papers I've written over the last few years.
fanout This tool will run commands on multiple machines at the same time via ssh.
Documents and scripts about the UML Coop project (see also slartibartfast, the existing Coop.
firebricks (Now called modwall, please update any bookmarks) A set of independent firewall modules that can be inserted into an existing firewall.
fist Stackable filesystem templates, currently just logeventfs. See the fist home page for more info on fist.
filldisk Fills a disk with a repeating string to overwrite deleted files and exercise the drives block checking ability.
freedups This frees up space on Linux filesystems by hardlinking identical files.
freeze This halts all the running applications on a Linux system, while leaving the current console running so the analyst can continue to perform forensic analysis of an attacked system.
hack A wrapper around your favourite editor that saves dated backups of the file, among other things.
html2sgml A simple converter from html to sgml.
htmlfilelist Create an html format file listing for a directory. Used on this site - see filelist.html for sample output.
hostlookup Looks up the hostnames of IPs given on the command line or on stdin.
i2i The firewall conversion routines, ipfwadm2ipchains and ipchains2iptables.
icons A collection of icons.
indebug Debugging tool for the Intermezzo project.
ipchains2iptables Converts an ipchains (2.2 kernel) firewall into an iptables (2.4 kernel) firewall. Because of the structural differences between the two types of firewalls, this program will do as much as it can, but only provides a starting point.
ipfwadm2ipchains This converts an ipfwadm (2.0 kernel) firewall into an ipchains (2.2 kernel) firewall.
ipt_dsize An iptables match module to allow one to match the length of the data portion of the packet without the IP and protocol header.
livedrives Just lists the physical ide and scsi drives on a system.
mason The Mason automatic firewall builder for linux.
mirror Tools for managing a software repository mirror.
mkrootfs Makes root filesystems for User Mode Linux.
modwall A set of independent firewall modules that can be inserted into an existing firewall.
moveuser Moves a user to a new UID (and optionally GID). Use with caution.
netreply Perl script that sends back an echo reply for echo requests. Useful for letting your attackers think that non-existant machines exist. :-)
neweststable All of the RPMs for software I write.
noads Block ads with the jesred squid redirector.
openmail Opens up a mail folder with pine.
padip Pads out an IP address to nnn.nnn.nnn.nnn format
patches Miscellaneous patches I wrote or modified and sent off to Linux developers
pcap BPF / pcap packet capture files.
pom26convert Converts the netfilter patch-o-matic 2.4 and files over to the 2.6 kernel's Kconfig format.
pomlist Creates a hypertext listing of all the netfilter patch-o-matic modules.
portstatus Checks to see if specified ports on a system are responding.
randomsig Create a random signature with different quotes, some included.
razor-caching-proxy A caching proxy for the Razor spam filtering system.
redhat Spec file template.
routeprobe Checks for rogue routers - masquerading or straight routing - on a LAN.
rsync-backup This tool allows for secure backups via rsync, ssh and chroot.
rsync-mirror A simple wrapper script for mirroring directories between machines.
sa-blacklist A blacklist of sender addresses for Spamassassin.
(formerly sam)
A library of shell functions used by some of the other tools.
shun Program that blocks all communication with given IP's on an iptables or ipchains capable host.
snort2iptables Converts rules in the snort rulebase over to iptables firewall rules.
socketwatch Listen for incoming connections on a given port and immediately block the person scanning it.
ssh-keyinstall Automates the creation and installation of ssh keys.
Documents and scripts about the UML Coop project (see also ford, the upcoming 64 bit Coop.
staticiso An ISO image of statically linked binaries, good for forensics and system recovery.
syncapture Script to capture syn packets for later analysis. Useful for p0f.
tcpsed Perl app to replace fields in a pcap file.
tunnel Scripts to help set up ip tunneling.
uml Patches and files for the User-Mode Linux project.
uml-root Root filesystems for the User-Mode Linux project. Note these are only at
vmod Virtual Machine On Demand - a script that will eventually automatically start and stop User-Mode Linux virtual machines based on load. In progress, not much yet.

RPMS I package of other peoples software

ProjectDescriptionReference URL
XvBogus RPMs.
aide Static RPMs.
bladeenc RPMs.
dnstop RPMs. and
dxpc RPMs.
e2fsprogs RPMs.
fltk RPMs.
gkrellm RPMs. and
gnapster RPMs.
gnubile RPMs.
grepmail RPMs.
gtk-- RPMs.
htmldoc RPMs.
hydra RPMs.
id3lib RPMs.
iip RPMS.
iftop RPMS.
ike-scan RPMS.
imgseek RPMs.
interdiff RPMs.
intermezzo RPMs.
iptables RPMs.
kautoconfigure RPMs.
labrea RPMs.
libcss RPMS.
libid3lib13 RPMS.
libnet RPMs.
libsafe RPMs.
libsigc++ RPMs.
loggrep RPMs.
lsof RPMs.
lvm-viewer RPMs.
lzip RPMs.
mess822 RPMs.
mhash RPMs.
mkisofs RPMs.
mutella RPMs.
nc statically compiled RPMs - please read the readme first.
nessus RPMs
ngrep RPMs.
omi RPMs.
openssh RPMs.
packit RPMs.
p0f RPMs.
pdumpq RPMs. Accepts packets from netfilter and outputs them in libpcap format
perl RPMs for some perl modules
pktstat RPMs.
rain Packet creation tool RPMS.
razor-agents RPMS of the Razor spam filtering agents.
rnl File sharing tool RPMS.
rsync RPMS.
rsync-static A statically linked version of the rsync package.
sgml-tools RPMs
spak RPMs.
spamassassin RPMs.
spinner-wiki RPMs.
subterfugue RPMs.
tnef RPMs.
ucl RPMs.
ulogd RPMs.
upx RPMs.
xclip RPMs.

I have some additional old / unmaintained projects and rpms as well.

Full mirrors of this site

Many thanks to Bascom, who were kind enough to host a mirror for many years.

Partial mirrors of this site

Other related sites.


I gave a webcast on ssh in September 2003 (follow that link to hear it anytime). Many thanks to Sans and VanDyke software for sponsoring it.

I also gave a webcast on Spam in February 2004 (again, available for listening anytime). Many thanks to Sans and Mailfrontier for sponsoring it.

Here's an interview about Internet Security that showed up on New Hampshire Public TV's Outlook program. Jump 6 minutes, 40 seconds in.

Julie Bresnick of Newsforge wrote an article about my work on open source programs. Thanks, Julie.


If you need to get a hold of me, try:

I'll have this address forever.

I have a diary running. I expect to update irregularly, when something interesting happens.

Here's my pgp key. I'd strongly suggest that you download this from more than one of the mirror sites and compare the two (so you can't be fooled if one of the mirror sites gets hacked). This key has not changed since 1998. It can also be found on the public key servers, such as the one at MIT.

This key is used to sign any rpms I build.

Here are some funny images and files.

Here's the cruise my wife and I took in August, 2001.

Finally, a few shots of me waterskiing on Lake Sunapee in New Hampshire, USA.

Last edited: 5/11/2006

Best viewed with something that can show web pages... <grin>

Please don't email the following address - it's part of a study: