14. Monitor and probe tools

Here is a list of software monitoring and probing tools that may be useful. This list was taken from http://www.alw.nih.gov/Security/security-prog.html, which has a host of other important information on security-related issues.

Argus
Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the enforcement of network security policies, for network performance analysis and more.
Availability: anonymous ftp at ftp.sei.cmu.edu

Arpwatch
An Ethernet monitor program that keeps track of Ethernet/IP address pairings.
Availability: anonymous ftp at ftp.ee.lbl.gov

Courtney
A program that tries to identify the use of SATAN on a subnet. The program tcpdump is also needed in order to run Courtney. See below for information about tcpdump.
Availability: anonymous ftp at ciac.llnl.gov
Additional Info: CIAC Notes 08

Dig
Dig is a network utility that queries Domain Name Servers, similar to nslookup but more flexible.
Availability: anonymous ftp at venera.isi.edu

Drawbridge
Powerful bridging filter package.
Availability: anonymous ftp at net.tamu.edu

Fping
An efficient way to test whether a large number of hosts are up.
Availability: anonymous ftp at slapshot.stanford.edu

IPACL
Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.
Availability: anonymous ftp at ftp.win.tue.nl

ISS
Checks hosts within a specified range of IP addresses for various security vulnerabilities in Sendmail, anonymous FTP setup, NFS and many more.
Availability: anonymous ftp at info.cert.org
Additional Info: CERT Advisory 93:14.Internet.Security.Scanner

Klaxon
A daemon that is used to identify the use of port scanners like ISS and SATAN.
Availability: anonymous ftp at ftp.eng.auburn.edu

Multi Router Traffic Grapher (MRTG)
MRTG is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traffic.
Availability: World Wide Web at ee-staff.ethz.ch
Additional Info: MRTG: Multi Router Traffic Grapher

Netlog
Network logging and monitoring of all TCP and UDP connections on a subnet. Netlog also includes tools for analyzing the output.
Availability: anonymous ftp at net.tamu.edu

Network Security Scanner (NSS)
NSS is a Perl script that scans one host on a subnet or an entire subnet for various simple security problems.
Availability: anonymous ftp at jhunix.hcf.jhu.edu

NFSWatch
NFSWatch monitors NFS requests and measures response time for each RPC.
Availability: anonymous ftp at coast.cs.purdue.edu

Pidentd
Identd tries to identify the remote user name of a TCP/IP connection. Identd is an implementation of RFC 1413.
Availability: anonymous ftp at ftp.lysator.liu.se or ftp.csc.ncsu.edu
Additional Info: RFC 1413

PingLogger
PingLogger detects and logs ICMP ECHO REQUESTS.
Availability: World Wide Web at www.students.uiuc.edu

Rscan
Rscan is an extensible network scanner that checks for common network problems and SGI-specific vulnerabilities.
Availability: anonymous ftp at ftp.vis.colostate.edu
Additional Info: Rscan: Heterogeneous Network Interrogation

SATAN
SATAN is a program that gathers network information such as the type of machines and the services available on these machines, as well as potential security flaws.
Availability: anonymous ftp at ftp.win.tue.nl. Also see wzv.win.tue.nl for a list of mirror sites.
Additional Info: CERT Advisory CA-95:06.satan

Scan-Detector
Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or stderr.
Availability: anonymous ftp at coast.cs.purdue.edu
Additional Info: COAST Projects' Tools

Simple Key-Management for Internet Protocols (SKIP)
SKIP adds privacy and authentication at the network level.
Availability: USA and Canada--via web form
Availability: International--anonymous ftp at ftp.elvis.ru
Additional Info: SKIP Information and SKIP in Russia

Strobe
Strobe displays all active listening TCP ports on remote hosts. It uses an algorithm that makes efficient use of network bandwidth.
Availability: anonymous ftp at suburbia.apana.org or minnie.cs.adfa.oz.au

TCP Wrapper
Allows a Unix system administrator to control access to various network services through the use of access control lists. It also provides logging information for wrapped network services, which may be used to prevent or monitor network attacks.
Availability: anonymous ftp at ftp.win.tue.nl
Additional Info: TCP Wrapper

Tcpdump
Captures and dumps protocol packets to monitor or debug a network.
Availability: anonymous ftp at ftp.ee.lbl.gov

Traceroute
Traceroute traces the route IP packets take from the current system to a destination system.
Availability: anonymous ftp at ftp.psc.edu

Xinetd
A replacement for inetd that has extensive logging and access control capabilities for both TCP and UDP services.
Availability: anonymous ftp at qiclab.scn.rain.com

YPX
A utility used to retrieve a NIS map from a host running the NIS daemon.
Availability: anonymous ftp at ftp.uu.net or WWW server at mls.saic.com