Appendix C. Other Useful Linux Security Tools

The following appendix provides links to various Linux security and system administration tools. Some are essential, some are merely interesting, but nearly all are free.

Tool or Resource: Abacus Project

Keywords: Network monitoring

Notes: None.

URL: http://www.psionic.com/abacus/

Description: The Abacus Project offers several tools for logging, intrusion detection, and general system management. Of these, the most interesting is HostSentry. Its author describes it as a host-based login anomaly detection and response tool. Other Abacus Project tools analyze logs and defend against port scan attacks in real-time.

Tool or Resource: Acme.Nnrpd

Keywords: Network news access

Notes: Requires Java.

URL: http://www.acme.com/java/software/Package-Acme.Nnrpd.html

Description: Acme.Nnrpd is a news agent written in Java. Although it's not strictly a security tool, Acme.Nnrpd allows you to read Net news through a firewall. (Warning: To access the full features of this tool, you need to run it as root on port 119.)

Tool or Resource: ADMsmb

Keywords: Network analysis

Notes: None.

URL: ftp://ADM.isp.at/ADM/ADMsmb-v0.2.tgz

Description: ADMsmb is a network scanner that detects Windows shares (SMB). This is useful when you have a Windows/Linux network.

Tool or Resource: Argus

Keywords: Network monitoring and logging

Notes: Requires libpcap and tcp_wrappers.

URL: http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html#Argus

Description: Argus is a generic IP network transaction auditing tool that performs network monitoring.

Tool or Resource: arping

Keywords: Network troubleshooting and analysis

Notes: None.

URL: ftp://ftp.inr.ac.ru/ip-routing/iputils-current.tar.gz

Description: arping is a set of network diagnostic tools, such as an enhanced replacement for traceroute.

Tool or Resource: Basic Merit AAA Server

Keywords: Network authentication

Notes: Be sure to read the license.

URL: http://www.merit.edu/aaa/

Description: The Merit Authentication Server is a full-fledged RADIUS implementation. (Planning on starting a small ISP?) Mind the licensing here: It's freely available, but not for redistribution.

Tool or Resource: BSB-Monitor

Keywords: Network analysis and monitoring

Notes: Requires Perl 5.004+ and Net::Ping and Net::Telnet.

URL: http://www.bsb-software.com/download/bsb-monitor

Description: BSB-Monitor monitors your network and automatically generates HTML output. Good for when you need to monitor happenings from afar.

Tool or Resource: bsign

Keywords: File integrity checking

Notes: None.

URL: ftp://ftp.buici.com/pub/bsign/

Description: bsign offers file integrity verification via digital fingerprints.

Tool or Resource: ByProxy

Keywords: Network privacy

Notes: Requires Sun's Java SDK or Runtime Environment.

URL: http://www.besiex.org/ByProxy/

Description: ByProxy, a radical anti-SPAM, anti-anything-and-almost-everything filter/proxy, allows you to tailor your wire, including WWW, email, IRC, and so on.

Tool or Resource: cheops

Keywords: Network analysis and visualization

Notes: Requires gtk or GNOME.

URL: http://www.marko.net/cheops/

Description: cheops is a complex network utility-integration tool that offers network visualization. In some respects, it resembles Unicenter TNG. (Hard to describe. Check it out.)

Tool or Resource: CIPE

Keywords: Network encryption

Notes: None.

URL: http://sites.inka.de/sites/bigred/devel/cipe.html

Description: A Crypto IP Encapsulation project. This site offers a protocol that passes encrypted packets between prearranged routers in the form of UDP packets. Reportedly, it's not as flexible as IPSEC, but quite adequate for securing garden-variety network traffic.

Tool or Resource: Cistron RADIUS server

Keywords: Network user authentication and administration

Notes: None.

URL: http://home.cistron.nl/~miquels/radius/

Description: A free, industrial-strength, Livingston-style RADIUS server (without S/Key support) for Linux networks running Livingston Portmasters, Ascend routers, and perhaps others.

Tool or Resource: COLD

Keywords: Network monitoring

Notes: None.

URL: http://www.panservice.it/cold/

Description: COLD is a protocol analyzer that can monitor various interfaces, including ISDN, PPP, Token Ring, standard loop back, and standard Ethernet.

Tool or Resource: COPS

Keywords: Network and host analysis and troubleshooting

Notes: None.

URL: http://www.trouble.org/cops/

Description: The famed Computer Oracle and Password System is a suite of tools that can automatically detect configuration problems or holes in your system. Although COPS is now antiquated, it's still quite relevant and useful, offering password checking, SUID/SGID searches, file integrity via CRC checking, path and file config checking, and so on.

Tool or Resource: Cryptonite

Keywords: Network encryption

Notes: This package requires Java.

URL: http://www.hi.is/~logir/logi.crypto/

Description: Cryptonite is a Java library for using strong encryption in Java applications (version 1.1).

Tool or Resource: CTC

Keywords: Network Encryption

Notes: None.

URL: http://www.bifroest.demon.co.uk/ctc/

Description: CTC is a freeware PGP-interoperable encryption software package.

Tool or Resource: Dante

Keywords: Firewalls

Notes: Known to work well with Red Hat 5.1 and perhaps others.

URL: http://www.inet.no/dante/

Description: Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts, while requiring only that the server Dante runs on have external network connectivity. (Dante is a free SOCKS implementation, essentially.)

Tool or Resource: Deception Toolkit

Keywords: Intrusion detection and disinformation

Notes: None.

URL: http://all.net/dtk/download.html

Description: In recent years, there's been much research on the practice of deception, or deceiving attackers by electronically emulating other operating systems and/or vulnerabilities that don't actually exist. The Deception Toolkit offers tools to do just that.

Tool or Resource: DeleGate

Keywords: Network and firewall administration

Notes: None.

URL: http://wall.etl.go.jp/delegate/

Description: DeleGate is an application-level gateway (or a proxy server).

Tool or Resource: DNI

Keywords: Network monitoring and security

Notes: None.

URL: http://members.tripod.com/~robel/dni/dniadm.html

Description: Using DNI, you can set packet filtering rules via a Web page. Although this could cause security vulnerability when used from remote sites (some of DNI is implemented through JavaScript, and the transmission is not encrypted), it can be quite useful for testing in an intranet setting.

Tool or Resource: dnswalk

Keywords: Network analysis

Notes: Requires Perl 5.003+ and the Net::DNS module.

URL: http://www.cis.ohio-state.edu/~barr/dnswalk/

Description: dnswalk is a tool for automatically debugging DNS databases. It works by initiating a zone transfer of a current zone, inspecting individual records for inconsistencies with other data, and generating warnings and errors.

Tool or Resource: DrawBridge

Keywords: Firewalls

Notes: 3Com 3c505 Etherlink+ or wavelan cards will not work.

URL: http://drawbridge.tamu.edu/

Description: DrawBridge is a BSD-based firewall with source included. It is possible to use DrawBridge on Linux (with effort), but DrawBridge's main value is that it comes with source and you can learn how firewalls are developed.

Tool or Resource: The EDGE Router Project

Keywords: Network firewalls

Notes: None.

URL: http://edge.fireplug.net/

Description: The Edge Router suite can turn a minimally configured consumer PC into a standalone Internet firewall, complete with address translation, proxying, and IP packet forwarding (and naturally, it is implemented on Linux).

Tool or Resource: edssl

Keywords: Network encryption

Notes: None.

URL: ftp://ftp.replay.com/pub/crypto/crypto/SSLapps/

Description: edssl is a Secure Sockets Layer (SSL) proxy with multiple uses. For example, you can use it to wrap Lynx traffic in SSL.

Tool or Resource: epan

Keywords: Network analysis

Notes: Requires Linux 2.0 and above.

URL: http://www.et-inf.fho-emden.de/~tobias/epan/

Description: epan is a protocol analyzer that supports Ethernet, Token Ring, SLIP, PPP, ISDN, ARCnet, and local loopback. It also supports MAC Ethernet, MAC IEEE 802.3, LLC (IEEE 802.2), SNAP, ARP, RARP, IP (including IPIP and IP-ENCAP), ICMP, IGMPv1, IGRP, TCP (including 9 TCP options), UDP, DNS (including 22 Resource Records), SUN RPC, TFTP, BOOTP/DHCP, RIPv1, RIPv2, rwho, and time.

Tool or Resource: Etherboot

Keywords: Network administration

Notes: Requires bootp or dhcpd, tftp, and NFS.

URL: http://www.slug.org.au/etherboot/

Description: Etherboot is a free software package for booting x86 PCs (including those running Linux) over networks.

Tool or Resource: Ethereal

Keywords: Network monitoring

Notes: None.

URL: http://ethereal.zing.org/

Description: Ethereal is a protocol analyzer supporting AARP/DDP, ARP/RARP, BOOTP/DHCP, CDP, DNS, Ethernet, FTP, HTTP, ICMP, IGMP, IP/TCP/UDP, IPv6/ICMPv6, IPsec, IPX/SPX/NCP, LPR/LPD, NNTP, OSPF, POP, PPP, RIP, Token Ring, Telnet, and TFTP (and marginal SNMP support is also included).

Tool or Resource: exscan

Keywords: Network analysis

Notes: None.

URL: http://exscan.netpedia.net/exscan.html

Description: exscan is a port scanner in the tradition of Strobe, and it's great for quickly identifying what services are running.

Tool or Resource: Fake

Keywords: Redundancy and high availability

Notes: None.

URL: http://linux.zipworld.com.au/fake/

Description: Fake is a redundant server switch. When one server goes down, another, similarly configured server takes its place. Since electronic commerce depends greatly on reliability (Is your site always up and available?), tools like this are invaluable. Don't want server downtime? Get Fake.

Tool or Resource: FCT

Keywords: Firewall administration

Notes: None.

URL: http://www.fen.baynet.de/~ft114/FCT/index.html

Description: FCT is the Firewall Configuration Tool, a system you can use to manage firewalls in large networks. It offers many configuration options, firewall rule testing, and so on.

Tool or Resource: FreeTDS

Keywords: Database administration and programming

Notes: You need Sybase or Microsoft SQL.

URL: http://metalab.unc.edu/freetds/

Description: Free Tabular DataStream package. Tabular DataStream is a client-to-database server protocol in Sybase and Microsoft SQL database implementations.

Tool or Resource: GNUPG

Keywords: Privacy and encryption

Notes: See RFC 2440: http://www.d.shuttle.de/isil/gnupg/rfc2440.html.

URL: http://www.d.shuttle.de/isil/gnupg/

Description: GNUPG is the GNU Privacy Guard, an open source OpenPGP compatible encryption system. OpenPGP provides data integrity services for messages and data files by using digital signatures, encryption, and compression.

Tool or Resource: Gnusniff

Keywords: Network monitoring

Notes: None.

URL: http://www.ozemail.com.au/~peterhawkins/gnusniff.html

Description: Gnusniff is a sniffer for Linux.

Tool or Resource: gPGPshell (now called Geheimnis)

Keywords: Encryption and privacy

Notes: Requires gtk or gnome.

URL: http://www.dimensional.com/~cwiegand/linux/gpgpshell.html

Description: Geheimnis is a PGP shell for the K Desktop Environment. It is functionally quite similar to the free PGP Keys application for Windows and Windows NT. Geheimnis makes it very easy to author and encrypt documents, manage PGP keys, and so on.

Tool or Resource: hping

Keywords: Network analysis

Notes: None.

URL: http://www.kyuzz.org/antirez

Description: hping is a network scanner that uses spoofed packets. (And therefore obscures its source address. Hmmm…)

Tool or Resource: Hummer from the Hummingbird Project

Keywords: Intrusion detection and network monitoring

Notes: Newer releases may require Java.

URL: http://www.cs.uidaho.edu/~hummer/

Description: Hummer is a complex tool that lets you distribute security and intrusion detection information between several hosts. It can therefore be used to detect sophisticated attacks where multiple attackers and targets are mixed and matched. Attackers are now using such sophisticated attacks to obscure their activity, spreading it across several hosts from several source addresses. Because the resulting logs are not unified, such attacks are difficult to pinpoint or identify. Hummer works in cross-host environments and is one potential solution. It can class hosts into hierarchies and groups and reduce the cloud factor in analyzing results. Hummer is to regular intrusion detection tools what C++ is to C—a step forward.

Tool or Resource: Hunt

Keywords: Network analysis

Notes: Requires Linux 2.0.35+, GlibC 2.0.7 with LinuxThreads.

URL: http://www.cri.cz/kra/index.html

Description: Hunt is a work-in-progress exploit suite that exploits well-known holes in TCP/IP but takes things a step further, offering many functions that aren't available in most free attack tools.

Tool or Resource: icmpquery

Keywords: Network analysis

Notes: None.

URL: http://www.angio.net/security/

Description: icmpquery is a tool for sending and receiving ICMP queries for address mask and current time.

Tool or Resource: ident2

Keywords: Network monitoring

Notes: None.

URL: http://nyct.net/~defile/

Description: ident2 is an Identity/AUTH server for Linux.

Tool or Resource: The Internet Junkbuster

Keywords: Network privacy

Notes: None.

URL: http://internet.junkbuster.com/

Description: The Internet Junkbuster is a proxy that blocks unwanted banner ads and protects your privacy from cookies and other threats.

Tool or Resource: IP Filter

Keywords: Firewalling and packet filtering

Notes: Works on Linux 2.0.31+ on non-glibc systems.

URL: http://cheops.anu.edu.au/~avalon/ip-filter.html

Description: IP Filter is an advanced TCP/IP packet filter suitable for use in firewall environments. You can use it as a loadable kernel module or incorporate it into your kernel. IP Filter sports a staggering number of options (including filtering of fragmented packets, an issue at the heart of many denial-of-service attacks).

Tool or Resource: IPAC

Keywords: Network accounting and analysis

Notes: Requires Perl 5 and ipfwadm or ipchains.

URL: http://www.comlink.apc.org/~moritz/ipac.html

Description: IPAC is a Linux IP accounting package that supports ASCII and graphical mapping. Although IPAC is not strictly a security tool, in certain instances it can be useful in a security context. IPAC monitors IP traffic and graphs out this information. Using IPAC, you can perform traffic analysis and perhaps discover unwanted activity.

Tool or Resource: ipfwadm dotfile module

Keywords: Filtering, firewalls, and IP masquerading

Notes: Requires X, Tcl/Tk, and IP firewalling enabled.

URL: http://www.wolfenet.com/~jhardin/ipfwadm.html

Description: The ipfwadm dotfile module makes IP masquerading and firewalling on a small network easier for Linux users who aren't professional network administrators.

Tool or Resource: ipgrab

Keywords: Network monitoring and analysis

Notes: None.

URL: http://www.xnet.com/~cathmike/MSB/Software/

Description: ipgrab is a packet-sniffing tool, based on the Berkeley packet capture library, that prints complete data-link, network, and transport layer header information for all packets it sees.

Tool or Resource: ippl

Keywords: Network monitoring and logging

Notes: Requires libc and the pthread library.

URL: http://www.via.ecp.fr/~hugo/ippl/

Description: ippl is a multi-threaded tool that logs incoming IP packets. You can establish rules for which packet types you'd like to filter.

Tool or Resource: IPTraf

Keywords: Network analysis

Notes: Requires Linux 2.2.0+, libc 5, and a terminfo database.

URL: http://cebu.mozcom.com/riker/iptraf/

Description: IPTraf is a console-based network statistics utility that gathers TCP connection packet and byte counts, interface statistics and activity indicators, and TCP/UDP traffic.

Tool or Resource: Isinglass

Keywords: Basic user firewall

Notes: Requires ipfwadm.

URL: http://www.tummy.com/isinglass/

Description: Isinglass consists of tools to create a firewall for dialup machines. Because most Linux users are newcomers (and they probably surf using ppp connections), Isinglass is perfect for the home user. It protects against attackers that find your dynamic IP and attack your machine.

Tool or Resource: IspMailGate

Keywords: Network administration and filtering

Notes: None.

URL: ftp://franz.ww.tu-berlin.de/pub/authors/id/JWIED/Mail-ispmailgate-1.000.tar.gz

Description: IspMailGate is a general-purpose filtering agent for sendmail. Its filters are implemented as modules, and the tool is therefore extensible. Current modules offer automatic compression and decompression, encryption, decryption, and certification with PGP or virus scanning.

Tool or Resource: ITA

Keywords: Network monitoring and analysis

Notes: Requires tcpdump.

URL: http://ita.ee.lbl.gov/html/software.html

Description: The Internet Traffic Archive. Here, you'll find several utilities that clean or otherwise improve tcpdump trace files (like hiding confidential data in them). tcpdump is a network-monitoring tool that dumps packet headers from the specified network interface. It's useful for diagnosing network problems and forensically examining network attacks. It's also highly configurable: You can specify which hosts to monitor, as well as which kind of traffic and which services.

Tool or Resource: Juniper Firewall Toolkit

Keywords: Firewall

Notes: The full install is a commercial product.

URL: http://www.obtuse.com/juniper/

Description: The Juniper Firewall Toolkit works on dual-homed bastion hosts that don't forward packets between interfaces. Juniper implements transparent proxy facilities to allow machines on internal, unrouted networks to transparently access the Internet as if they were directly connected.

Tool or Resource: K-Arp-Ski

Keywords: Network analysis

Notes: Requires gtk.

URL: http://mojo.calyx.net/~btx/karpski.html

Description: K-Arp-Ski is a network mapper and misuse detector with many nice amenities. For example, it quickly gathers all known IP addresses on your network, tracks TCP connections via MAC addresses, identifies the NIC vendor of each card, and does many other things.

Tool or Resource: KSniff

Keywords: Network monitoring

Notes: Requires Qt and KDE.

URL: http://www.mtco.com/~whoop/ksniff/ksniff.html

Description: Ksniff is a work-in-progress GUI for sniffers (in this case Sniffit, but you could easily use others).

Tool or Resource: L6

Keywords: File integrity checking (à la Tripwire)

Notes: Uses MD5-1.7 and SHA-1.2 Perl modules. You need Perl.

URL: http://www.pgci.ca/l6.html

Description: The L6 program generates unique 128-bit (MD5) or 160-bit (SHA-1) cryptographic message digest values derived from file content. Each value is a highly reliable fingerprint that can be used to verify file content integrity.

Tool or Resource: Lanlord

Keywords: Network and user administration

Notes: Requires dhcpd.

URL: http://linux.uhw.com/software/lanlord/index.html

Description: Lanlord tracks Dynamic Host Configuration Protocol (DHCP) client leases. DHCP allows your Linux system to relay vital network information to incoming clients. Users needn't know their IP address, default gateway, or subnet masks before logging in because DHCP does it all for them. Essentially, DHCP is a way to cut down on tech support calls. Inexperienced users often get confused when configuring their network settings, so they bother you. With DHCP, setup is done automatically in the background. Many ISPs use DHCP.

Tool or Resource: LDAP at U-M

Keywords: Network administration

Notes: None.

URL: http://www.umich.edu/~dirsvcs/ldap/

Description: Important information about (and a tool for) Lightweight Directory Access Protocol.

Tool or Resource: LDAP for Linux

Keywords: Network administration

Notes: None.

URL: http://rage.net/ldap/

Description: A project for integrating LDAP and SSL to provide secure next-generation network directory services architecture to replace Network Information Service (NIS).

Tool or Resource: The Linux Free S/WAN Project

Keywords: Network encryption and privacy

Notes: None.

URL: http://www.flora.org/freeswan/

Description: The Free S/WAN project aims to provide encrypted traffic for the Internet using IPSEC, ISAKMP/Oakley, and DNSSEC using PCs and freely available software. To learn how the S/WAN project came about, go to http://www.toad.com/gnu/swan.html.

Tool or Resource: Linux IP-NAT Forum

Keywords: Discussion on NAT

Notes: None.

URL: http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html

Description: Linux IP Network Address Translation forum.

Tool or Resource: Linux Router

Keywords: Network administration and routing

Notes: None.

URL: http://www.linuxrouter.org

Description: Linux Router is a networking-centric mini-distribution of Linux. LRP fits on a single 1.44MB floppy diskette and simplifies the process of building and maintaining routers, terminal servers, and embedded networking systems.

Tool or Resource: Linux Virtual Server

Keywords: Network high availability, virtual servers

Notes: None.

URL: http://proxy.iinchina.net/~wensong/ippfvs/

Description: This site presents papers about (and tools to create) a Linux virtual server. The argument is that expensive hardware upgrades to a beefed-up single server may not necessarily be the answer to heavy network loads. Instead, the Linux virtual server allows you to create a virtual server that issues requests to multiple boxes. To outsiders, it appears as though they're dealing with a single server. However, behind the scenes, the virtual server can consist of many machines, thus ensuring reliability, redundancy, survivability, and, most importantly, 24-hour availability. A load balancer manages the virtual server.

Tool or Resource: Logcheck

Keywords: Network logging and auditing

Notes: None.

URL: http://www.psionic.com/abacus/logcheck/

Description: Logcheck is one component of the Abacus Project and processes logs generated by the Abacus Project tools, system daemons, TCP Wrapper, logdaemon, and the TIS Firewall Toolkit.

Tool or Resource: logsurfer

Keywords: Network logging, auditing, and intrusion detection

Notes: None.

URL: http://www.cert.dfn.de/eng/team/wl/logsurf/

Description: logsurfer monitors text-based logfiles in real-time. It differs from its counterparts in that it handles multi-line patterns and substrings (and can identify multiple significant events on a single line). As a result, logsurfer often returns much more detailed information.

Tool or Resource: Mason

Keywords: Firewall administration

Notes: None.

URL: http://www.pobox.com/~wstearns/mason/

Description: Mason is an intelligent firewall tool. It interactively builds a firewall using Linux's ipfwadm or ipchains firewalling. You leave Mason running on the firewall machine while you make all the kinds of connections that you want the firewall to support (and to block). Mason then gives you a list of firewall rules that allow and block those exact connections.

Tool or Resource: masq/masqd

Keywords: Firewall administration and management

Notes: Comes with a binary distribution.

URL: http://www.els.url.es/~si03786/masq.html

Description: masq offers local and remote firewall administration, user authentication, and masquerading management.

Tool or Resource: Mig's RADIUS Labs

Keywords: RADIUS administration

Notes: Requires Perl 5 and mgetty.

URL: http://home.iphil.net/~map/radius/

Description: Linux RADIUS resources.

Tool or Resource: MindTerm

Keywords: Network encryption and privacy

Notes: Requires Java RTE.

URL: http://www.mindbright.se/mindterm

Description: MindTerm is a Java-based Secure Shell (SSH) client that can run standalone or within a Web browser. The package also offers tools to incorporate SSL into future applications.

Tool or Resource: Muffin

Keywords: Network filtering

Notes: Requires JDK 1.1+.

URL: http://muffin.doit.org/

Description: Muffin is a Java-based filtering system for HTTP. It can remove cookies, kill GIF animations, remove advertisements, add, remove, or modify arbitrary HTML tags, remove Java applets, remove JavaScript, and much more.

Tool or Resource: Nautilus

Keywords: Encryption and privacy

Notes: Requires sound support (VoxWare).

URL: http://www.lila.com/nautilus/

Description: Nautilus allows two parties to hold a secure voice conversation over TCP/IP networks (including the Internet).

Tool or Resource: Nessus

Keywords: Network analysis

Notes: Requires gtk (for the GUI).

URL: http://www.nessus.org/

Description: Nessus is a highly extensible network scanner for Linux (as well as Windows 95 and NT). Nessus sports a nice GUI and comes with many, many exploit plug-ins. You can easily incorporate new exploits, too.

Tool or Resource: Net::RawIP

Keywords: Network development

Notes: Requires Perl 5.004+ and libpcap.

URL: http://quake.skif.net/RawIP/

Description: Net::RawIP is a Perl module for manipulating raw IP packets. (It also has an optional feature for manipulating Ethernet headers.)

Tool or Resource: netboot

Keywords: Networking and administration

Notes: The client box should have a NIC with a 32KB+ bootrom.

URL: http://www.han.de/~gero/netboot.html

Description: This package allows a diskless PC to boot an operating system using an IP-based Ethernet network (even without a floppy diskette, in some cases). netboot currently supports Linux and DOS.

Tool or Resource: netcat

Keywords: Network analysis

Notes: None.

URL: http://www.avian.org/

Description: netcat is a network analysis, debugging, and automation tool that reads and writes data across network connections using TCP or UDP. netcat is extremely versatile and has many features that make it an indispensable networking tool.

Tool or Resource: netlog

Keywords: Network monitoring and auditing

Notes: This package requires ANSI C support.

URL: http://net.tamu.edu/ftp/security/TAMU/netlog.README

Description: netlog is a collection of network monitoring and logging utilities (tcplogger, udplogger, netwatch, and extract). netlog can log all TCP connections (and UDP sessions) on a subnet and provide real-time monitoring and reporting.

Tool or Resource: netpipes

Keywords: Network programming

Notes: Some versions are not for foreign export.

URL: http://web.purplefrog.com/~thoth/netpipes/netpipes.html

Description: netpipes makes TCP/IP streams usable in shell scripts and simplifies client/server code, allowing programmers to skip tedious socket routines and instead concentrate on writing filters or services.

Tool or Resource: netwatch

Keywords: Network monitoring and analysis

Notes: None.

URL: ftp://ftp.slctech.org/pub/

Description: netwatch is a network monitor. Output is color-coded based on time—red for events in the past minute, yellow for those in the past five minutes, and green for those older than 30 minutes. A nifty tool.

Tool or Resource: nmap

Keywords: Network analysis

Notes: If you don't have gtk, get the statically linked binary.

URL: http://www.insecure.org/nmap/

Description: nmap (the Network Mapper) is a comprehensive network analysis and scanning utility. In addition to network mapping, it also supports all known scanning techniques—behind firewalls, stealth scanning, half-open connection scanning, UDP scanning, ICMP scanning, remote OS identification, and so on.

Tool or Resource: NRL IPv6+IPsec Software Distribution

Keywords: Network encryption

Notes: You need Linux 2.1+ and Linux source installed.

URL: http://www.ipv6.nrl.navy.mil/

Description: NRL IPv6+IPsec is the IPSEC implementation from the Internet Security Technology project at the U.S. Naval Research Laboratory (NRL).

Tool or Resource: OpenBIOS

Keywords: Experimental

Notes: None.

URL: http://www.freiburg.linux.de/OpenBIOS/

Description: OpenBIOS is a project to create an open source PC BIOS.

Tool or Resource: OpenLDAP

Keywords: Network administration and development

Notes: On Dec Alphas (64-bit), performance is slightly degraded.

URL: http://www.openldap.org/

Description: The OpenLDAP Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source LDAP suite of applications and development tools.

Tool or Resource: OPIE

Keywords: Password Security

Notes: This package requires ANSI C and termios support.

URL: http://www.ipv6.nrl.navy.mil/ist/otp/

Description: OPIE is One Time Passwords in Everything, a one-time password implementation with MD5 support. (OPIE is similar in design to S/Key.)

Tool or Resource: Oscar

Keywords: Encryption and privacy

Notes: None.

URL: http://www.dstc.qut.edu.au/MSU/projects/pki/

Description: Oscar (the Open Secure Certificate Architecture) is a Public Key Infrastructure (PKI) prototype. It consists of a C++ library and a number of command-line tools for setting up certification authorities and using PKI technology. (In public key cryptography, public keys are stored at a central server for verification. Oscar is one implementation for establishing such a server.)

Tool or Resource: PGPfone

Keywords: Encryption and privacy

Notes: There are export restrictions on this tool.

URL: http://www.pgp.com/products/pgp-fone.cgi

Description: PGPfone offers eavesdropping-proof modem-to-modem communication via PGP.

Tool or Resource: PIKT

Keywords: Network administration

Notes: Requires make, flex, bison, and rx (in addition to C).

URL: http://pikt.uchicago.edu/pikt/

Description: PIKT is the Problem Informant/Killer Tool, which monitors multiple workstations for problems and, if appropriate, automatically fixes those problems. Example problems include disk failures, log failures, queue overflows, erroneous or suspicious permission changes, and so forth.

Tool or Resource: plugdaemon

Keywords: Network security

Notes: None.

URL: http://www.taronga.com/plugdaemon.shar

Description: plugdaemon is a proxy tool that redirects TCP/IP connections from one port on one host to a user-specified port on another. It also logs this traffic.

Tool or Resource: Pong3

Keywords: Network monitoring

Notes: Requires Perl 5+ and modules.

URL: http://www.megacity.org/pong3/

Description: Pong3 is a network monitoring tool that handles HTTP, Telnet, FTP, POP3, SMTP, SSH, and IMAP (among other things).

Tool or Resource: ppptcp

Keywords: Network encryption

Notes: Requires RSA and DES libraries.

URL: http://www.devolution.com/~slouken/projects/ppptcp/

Description: A peer-to-peer IP tunnel program that runs a PPP connection over an arbitrary TCP port.

Tool or Resource: psntools

Keywords: System administration

Notes: None.

URL: http://www.psn.ie/psntools/

Description: System administration tools for handling accounts, passwords, and quotas en masse.

Tool or Resource: QueSO

Keywords: Network analysis

Notes: None.

URL: http://apostols.org/projectz/queso/

Description: QueSO identifies remote host operating systems by sending custom packets and analyzing the response received.

Tool or Resource: RabbIt

Keywords: Network performance

Notes: This package requires Java.

URL: http://www.nada.kth.se/projects/prup98/web_proxy/

Description: RabbIt is a Java-based proxy for HTTP that filters out advertisements, images, and other unwanted materials. (It also has caching and image compression.) The authors indicate that RabbIt can significantly speed Web browsing on slow connections.

Tool or Resource: rinetd

Keywords: Network administration

Notes: The end-point server can't identify the source address.

URL: http://www.boutell.com/rinetd/

Description: rinetd redirects TCP connections from one IP address and port to another and offers deny/allow control rules.

Tool or Resource: RSBAC

Keywords: Enhanced access control

Notes: Don't install this unless you have a lot of Linux experience.

URL: http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac

Description: RSBAC is Rule Set Based Access Control, a kernel patch that adds mandatory access control to Linux. When a process requests access to a resource, a central decision component queries every active decision module (role compatibility, Bell-LaPadula-style MAC, file flags, and others); each module answers granted, not granted, or do not care, and the request goes through only if no module objects. This runs in addition to, not instead of, the ordinary Linux permission checks.
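To make that decision model concrete, here is an added toy example (written for this appendix, not RSBAC code) of a central decision component querying three modules modelled loosely on RSBAC's role compatibility (RC), MAC and file flags (FF) modules. Each module answers GRANTED, NOT_GRANTED or DO_NOT_CARE, a single NOT_GRANTED vetoes the request, and the result records which module objected so denials can be audited. The roles, labels, paths and matrix are invented.

```python
"""Toy model of a central decision component querying several access-control modules."""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    GRANTED = "granted"
    NOT_GRANTED = "not_granted"
    DO_NOT_CARE = "do_not_care"


LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass
class Subject:
    user: str
    role: str
    clearance: str


@dataclass
class Target:
    path: str
    rc_type: str            # type label consulted by the role-compatibility module
    classification: str
    flags: set = field(default_factory=set)   # e.g. {"read_only", "no_execute"}


@dataclass
class Request:
    subject: Subject
    target: Target
    op: str                 # "read", "write" or "execute"


# Role compatibility: which operations a role may perform on which object type.
RC_MATRIX = {
    ("webadmin", "web_content"): {"read", "write"},
    ("webadmin", "system_bin"): {"read", "execute"},
    ("auditor", "log"): {"read"},
    ("auditor", "web_content"): {"read"},
}


def rc_module(req):
    allowed = RC_MATRIX.get((req.subject.role, req.target.rc_type))
    if allowed is None:
        return Decision.DO_NOT_CARE          # the matrix says nothing about this pair
    return Decision.GRANTED if req.op in allowed else Decision.NOT_GRANTED


def mac_module(req):
    """Bell-LaPadula: no read up, no write down (execute is treated as a read)."""
    s = LEVELS[req.subject.clearance]
    o = LEVELS[req.target.classification]
    if req.op in ("read", "execute") and o > s:
        return Decision.NOT_GRANTED
    if req.op == "write" and o < s:
        return Decision.NOT_GRANTED
    return Decision.GRANTED


def ff_module(req):
    """File flags: per-object restrictions that bind every subject."""
    if req.op == "write" and "read_only" in req.target.flags:
        return Decision.NOT_GRANTED
    if req.op == "execute" and "no_execute" in req.target.flags:
        return Decision.NOT_GRANTED
    return Decision.DO_NOT_CARE


MODULES = [("RC", rc_module), ("MAC", mac_module), ("FF", ff_module)]


def decide(req, modules=MODULES):
    """Query every module; one NOT_GRANTED vetoes.  A request nobody objects to
    is granted here (in the real kernel the normal permission bits still apply).
    Returns (allowed, {module_name: decision}) so a denial can be attributed."""
    votes = {name: module(req) for name, module in modules}
    return Decision.NOT_GRANTED not in votes.values(), votes
```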

Tool or Resource: SAINT

Keywords: Network analysis

Notes: This package requires Perl.

URL: http://www.wwdsi.com/saint/

Description: SAINT is the Security Administrator's Integrated Network Tool, a network and system scanner that gathers information on remote hosts and services including finger, NFS, NIS, ftp and tftp, rexd, statd, and other services.

Tool or Resource: SATAN

Keywords: Network analysis

Notes: SATAN requires Perl 5.0+.

URL: http://www.fish.com/~zen/satan/satan.html

Description: SATAN is a scanner utility that will probe your host for possible security weaknesses. If SATAN finds such a weakness, it offers you a tutorial that explains the hole's impact and how to fix it.

Tool or Resource: SDDB and the Cisco Print System

Keywords: Network printing administration

Notes: None.

URL: http://www.tpp.org/CiscoPrint/

Description: This tool allows you to manage network printing on massive networks. Originally written at Cisco and used with some 1,600 printers, this system allows various printing systems to share network configuration information, thus solving many network printing woes. Print servers update all their counterparts within 30 seconds to a minute via UDP. This system is very cool and can be a system administrator's best friend.

Tool or Resource: Shadow Project and step

Keywords: Intrusion detection

Notes: Requires SSH, tcpdump, libpcap, and Apache.

URL: http://www.nswc.navy.mil/ISSEC/CID/

Description: This site houses documentation and tools for an innovative new intrusion detection system. It differs from its predecessors in that detection occurs in real-time by traffic analysis, instead of the typical log content analysis. In the long run, this brings big gains because often you're alerted to (and can circumvent) attacks before they actually amount to anything.

Tool or Resource: SINUS Firewall

Keywords: Firewall administration and deployment

Notes: You need Linux 2.0.x+.

URL: http://www.ifi.unizh.ch/ikm/SINUS/firewall/

Description: The SINUS Firewall is a free TCP/IP packet filter for Linux and provides most functions available in commercial firewalls. It is reportedly robust and reliable (the authors reported an uninterrupted run of 12 months without a crash). SINUS is great if you are studying firewalls or considering writing one.

Tool or Resource: Socket Script

Keywords: Network programming.

Notes: An ELF binary distribution is available.

URL: http://devplanet.fastethernet.net/sscript.html

Description: Socket Script is a new scripting language for easily making network-oriented applications. It obviates the need to learn socket routines. This package is good for building small, simple network applications.

Tool or Resource: Squid

Keywords: Network administration

Notes: Debian offers ready-made Squid packages.

URL: http://squid.nlanr.net/Squid/

Description: The Squid Internet Object Cache offers high-performance proxy caching for Web clients, and supports FTP and Gopher as well.

Tool or Resource: Squij

Keywords: Network administration

Notes: Requires Python 1.5 or better.

URL: http://www.pobox.com/~mnot/squij/

Description: Squij works with Squid. It's a program that looks at Web Proxy logfiles in Squid format and gives you information about how objects in the cache are accessed.

Tool or Resource: SRP Telnet and FTP

Keywords: Network encryption and authentication

Notes: Requires GNU MP + Cryptolib 1.1 (see site for details).

URL: http://srp.stanford.edu/srp/download.html

Description: SRP stands for the Secure Remote Password protocol, a new mechanism for secure, password-based authentication and key exchange over any type of network. Unlike conventional password authentication, the server stores only a verifier derived from the password, the password itself is never sent, and a successful exchange leaves both sides holding a shared session key. At the moment, a secure Telnet and FTP distribution is available. However, I suspect that SRP may be plugged into many other network applications.

Tool or Resource: ssleay

Keywords: Network encryption

Notes: None.

URL: http://www.psy.uq.edu.au:8080/~ftp/Crypto/

Description: SSLeay is a free implementation of the Secure Sockets Layer protocol that Netscape introduced with its Secure Server and Navigator browser. It provides encrypted sessions between Web clients and servers and is the library that sslwrap and stunnel (below) build on. (SSLeay was later continued as OpenSSL.)

Tool or Resource: sslwrap

Keywords: Network encryption

Notes: Requires ssleay or RSA's RSAREF (see site for details).

URL: http://www.rickk.com/sslwrap/sslwrap.tar.gz

Description: sslwrap is a simple UNIX service that sits in front of any plain TCP service, such as POP3, IMAP, or SMTP, and encrypts the whole connection with SSL/TLS. It uses ssleay to support SSL versions 2 and 3; prefer version 3 (or TLS) wherever your clients allow it, since SSL 2 has known protocol weaknesses. It can also front services running on another computer.

Tool or Resource: stunnel

Keywords: Network encryption

Notes: Requires ANSI C support and ssleay.

URL: http://mike.daewoo.com.pl/computer/stunnel/

Description: stunnel is an SSL encryption wrapper between a remote client and a local (inetd-startable) or remote server. The concept is that with non-SSL aware daemons running on your system, you can easily set them up to communicate with clients over a secure SSL channel. Essentially, stunnel is a generic SSL wrapper that you can use to add SSL functionality to popular daemons without altering their source code.

Tool or Resource: tcpdump

Keywords: Network monitoring and logging

Notes: None.

URL: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z

Description: tcpdump is a network-monitoring tool that dumps packet headers from the specified network interface. It's useful for diagnosing network problems and forensically examining network attacks. tcpdump is highly configurable: you can specify which hosts to monitor, as well as what kind of traffic.

Tool or Resource: tiger

Keywords: Network and host analysis

Notes: None.

URL: http://net.tamu.edu/ftp/security/TAMU/tiger.README

Description: tiger is a set of scripts that scan your system looking for security problems, in the same fashion as COPS. This is an older package, written for UNIX, but it's a good one.

Tool or Resource: tinyproxy

Keywords: Network privacy

Notes: None.

URL: http://www.ninsei.com/tinyproxy/

Description: tinyproxy is a small, non-caching HTTP proxy suitable for small networks where a larger caching HTTP proxy, such as Squid, would be impractical or a security hazard. tinyproxy has many nice features, including an anonymizing mode that strips request headers identifying the client before forwarding the request to the remote server.

Tool or Resource: tircproxy

Keywords: Network administration

Notes: None.

URL: http://www.mmedia.is/~bre/tircproxy/

Description: tircproxy is a proxy to help IRC users who are not directly connected to the Internet, but are behind a firewall based on Linux or some other UNIX variant. (You can use this yourself, maybe, but I don't know about giving your users access to it.)

Tool or Resource: Titan

Keywords: Network and host analysis

Notes: Read the license!

URL: http://www.trouble.org/titan/

Description: Titan is a collection of programs that fix or tighten one or more potential security problems arising from configuration of a UNIX system. Titan's author wrote it in the Bourne shell, and it is therefore easily understandable and extensible.

Tool or Resource: traffic-vis

Keywords: Network analysis

Notes: None.

URL: http://www.ilogic.com.au/~dmiller/traffic-vis.html

Description: traffic-vis is a network monitoring tool with data visualization.

Tool or Resource: Trinux

Keywords: Network security, monitoring, and troubleshooting

Notes: None.

URL: http://www.trinux.org

Description: Trinux is a compact Linux system that fits on floppies and offers secure network monitoring and management. It offers and supports many common security tools. It runs with very meager resources (386 with 12MB RAM). Trinux is great for economical network troubleshooting.

Tool or Resource: ucd-snmp

Keywords: Network administration

Notes: Requires Perl.

URL: http://www.ece.ucdavis.edu/ucd-snmp/

Description: An SNMP agent (snmpd) plus command-line utilities such as snmpget, snmpwalk, and snmpset for querying and configuring devices that speak the Simple Network Management Protocol. Treat community strings as passwords: SNMPv1 and v2c send them in the clear, and a writable community on a router is a remote configuration interface.

Tool or Resource: uredir

Keywords: Network administration

Notes: None.

URL: http://sunsite.unc.edu/pub/Linux/system/network/misc/

Description: uredir is a UDP redirector. It redirects UDP packets coming in on a port to another port on another machine.

Tool or Resource: usocksd

Keywords: Network proxying and privacy

Notes: None.

URL: http://www.inka.de/sites/bigred/sw/

Description: usocksd is a small SOCKS5 server intended for individual users and their workstations rather than for whole hosts or networks. (SOCKS is a proxy protocol: the client asks the SOCKS server to open a connection on its behalf, and the server relays the data in both directions. SOCKS5 can authenticate the client, but the protocol itself encrypts nothing, so the relayed traffic, and a username/password login if that method is used, travel in the clear.)
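As an added example (written for this appendix, not usocksd's code), the following Python builds and parses the SOCKS5 method-negotiation and CONNECT messages defined in RFC 1928, so the wire format can be seen byte for byte; the hostnames, addresses and ports are made up. Every field length is checked before it is read, which is what a server-side parser of untrusted input has to do, and the messages show plainly that nothing in the protocol is encrypted.

```python
"""SOCKS5 (RFC 1928) negotiation and CONNECT messages, built and parsed byte for byte."""
import ipaddress
import struct

VER = 0x05
METHOD_NOAUTH, METHOD_USERPASS, METHOD_REJECT = 0x00, 0x02, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS = 0x00


def client_greeting(methods):
    """VER | NMETHODS | METHODS: the client lists the auth methods it supports."""
    return bytes([VER, len(methods), *methods])


def server_choose(greeting, supported):
    """Server picks the first of its own methods the client offered; 0xFF rejects."""
    if len(greeting) < 2 or greeting[0] != VER or len(greeting) != 2 + greeting[1]:
        raise ValueError("malformed greeting")
    offered = greeting[2:]
    for m in supported:
        if m in offered:
            return bytes([VER, m]), m
    return bytes([VER, METHOD_REJECT]), METHOD_REJECT


def connect_request(host, port):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (port is big-endian)."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("bad port")
    try:
        ip = ipaddress.ip_address(host)
        atyp, body = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("bad hostname length")
        atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00, atyp]) + body + struct.pack("!H", port)


def parse_request(data):
    """Parse a request into (cmd, host, port); every length is checked before use."""
    if len(data) < 4 or data[0] != VER or data[2] != 0x00:
        raise ValueError("malformed request header")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        off, alen = 4, 4
    elif atyp == ATYP_IPV6:
        off, alen = 4, 16
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise ValueError("truncated request")
        off, alen = 5, data[4]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(data) != off + alen + 2:
        raise ValueError("request length does not match address type")
    raw = data[off:off + alen]
    host = raw.decode("idna") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[off + alen:])
    return cmd, host, port


def server_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """VER | REP | RSV | ATYP | BND.ADDR | BND.PORT, the server's answer to CONNECT."""
    ip = ipaddress.ip_address(bind_host)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([VER, rep, 0x00, atyp]) + ip.packed + struct.pack("!H", bind_port)


def demo_exchange():
    """Constructed end-to-end exchange; returns the messages and the parsed target."""
    greeting = client_greeting([METHOD_NOAUTH, METHOD_USERPASS])
    choice, method = server_choose(greeting, [METHOD_USERPASS])
    request = connect_request("example.com", 443)
    target = parse_request(request)
    reply = server_reply(REP_SUCCESS, "192.0.2.10", 40000)
    return greeting, choice, method, request, target, reply
```

When method 0x02 is chosen, the RFC 1929 username/password sub-negotiation that follows is just as visible on the wire as these bytes, which is why a SOCKS server belongs on a trusted segment or inside an encrypted tunnel.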

Tool or Resource: vpnd

Keywords: Network encryption

Notes: None.

URL: http://www2.crosswinds.net/nuremberg/~anstein/unix/vpnd.html

Description: vpnd is a daemon that connects two networks at the network level, either over TCP/IP or over a virtual leased line attached to a serial interface. All data transferred between the two networks is encrypted with the Blowfish block cipher. Essentially, this is a Linux VPN solution.

Tool or Resource: VPS

Keywords: Network encryption

Notes: Requires Perl 5.004+ and SSH.

URL: http://www.strongcrypto.com/

Description: VPS (Virtual Private Server) is a free, Linux-based VPN solution for connecting disparate networks securely over the Internet.

Tool or Resource: WebFilter

Keywords: Privacy and filtering

Notes: Works with CERN's Web server.

URL: http://math-www.uni-paderborn.de/~axel/NoShit/

Description: WebFilter is a powerful Web proxy for filtering out unwanted material (such as advertisements).

Tool or Resource: WOTS

Keywords: Network monitoring and intrusion detection

Notes: None.

URL: http://www.vcpc.univie.ac.at/%7Etc/tools/

Description: WOTS is a tool for monitoring logging output from multiple sources, and then generating actions and reports based on what is found in these logs (If you find this, do this).
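The "if you find this, do this" model that WOTS (and, for its automatic fixes, PIKT) describes is worth seeing in code. The following added example (written for this appendix, not WOTS or PIKT code) feeds syslog lines through a small rule table: each rule pairs a regular expression with an action, one rule keeps state so that it fires only once a source has accumulated three failed logins, and the watcher returns the actions it would take. The log lines, hosts and thresholds are constructed for the example.

```python
"""Rule-driven log watcher: each rule pairs a pattern with an action."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    action: Callable[[re.Match, "Watcher"], Optional[str]]   # returns an action or None


class Watcher:
    def __init__(self, rules):
        self.rules = rules
        self.failed_by_ip = Counter()     # state carried across lines
        self.already_blocked = set()

    def feed(self, line):
        """Apply every rule whose pattern matches the line; collect the actions."""
        actions = []
        for rule in self.rules:
            m = rule.pattern.search(line)
            if m:
                result = rule.action(m, self)
                if result:
                    actions.append(f"[{rule.name}] {result}")
        return actions

    def feed_all(self, lines):
        out = []
        for line in lines:
            out.extend(self.feed(line))
        return out


FAILED_LOGIN_THRESHOLD = 3


def failed_login(m, w):
    """Count failures per source; act once when the threshold is reached."""
    ip = m.group("ip")
    w.failed_by_ip[ip] += 1
    if w.failed_by_ip[ip] >= FAILED_LOGIN_THRESHOLD and ip not in w.already_blocked:
        w.already_blocked.add(ip)
        return f"deny {ip} in hosts.deny ({w.failed_by_ip[ip]} failed logins)"
    return None


def disk_error(m, w):
    return f"page operator: filesystem error on {m.group('dev')}"


def root_session(m, w):
    return f"report: root session opened by {m.group('who')}"


RULES = [
    Rule("sshd-bruteforce",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)"),
         failed_login),
    Rule("fs-error",
         re.compile(r"kernel: EXT2-fs error \(device (?P<dev>[^)]+)\)"),
         disk_error),
    Rule("root-su",
         re.compile(r"session opened for user root by (?P<who>[a-z_][a-z0-9_-]*)"),
         root_session),
]

# Constructed sample syslog lines for the example (not real logs).
SAMPLE_LOG = """\
Mar  3 12:00:01 gw sshd[1234]: Failed password for root from 10.0.0.5 port 4242 ssh2
Mar  3 12:00:03 gw sshd[1236]: Failed password for root from 10.0.0.5 port 4243 ssh2
Mar  3 12:00:04 gw sshd[1238]: Accepted password for alice from 192.168.1.7 port 5000 ssh2
Mar  3 12:00:05 gw sshd[1240]: Failed password for invalid user admin from 10.0.0.5 port 4244 ssh2
Mar  3 12:00:07 gw kernel: EXT2-fs error (device hda1): ext2_free_blocks: bit already cleared
Mar  3 12:01:00 gw su[1301]: pam_unix(su:session): session opened for user root by alice(uid=1000)
""".splitlines()


def run_sample():
    """Run the rule table over the sample log and return the actions taken."""
    return Watcher(RULES).feed_all(SAMPLE_LOG)
```

The threshold rule is the part to get right in practice: without the already_blocked set, every further failure from the same source would fire the action again, and a noisy attacker would have you rewriting hosts.deny in a loop.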

Tool or Resource: WWWOFFLE

Keywords: Web caching

Notes: None.

URL: http://www.gedanken.demon.co.uk/wwwoffle/index.html

Description: The WWWOFFLE system simplifies World Wide Web browsing from computers that use intermittent (dial-up) connections to the Internet.

Tool or Resource: Xgate

Keywords: X11 traffic administration

Notes: None.

URL: http://verdict.uthscsa.edu/gram/xgate/index.html

Description: Xgate is a client/server system that creates a single TCP connection acting as a gateway between remote X11 clients and your local X11 server. It has some very practical uses, like redirecting X traffic in environments that use VPN servers, end-point proxies, or other network authentication systems that only handle incoming network connections and won't redirect X traffic.

Tool or Resource: xtacacs

Keywords: Network user administration

Notes: None.

URL: http://www.netplex-tech.com/software/xtacacs/

Description: xtacacs is a modified version of Cisco's extended TACACS (XTACACS), an authentication protocol used to validate users in a network environment. It allows a network access server to offload user administration to a central authentication server. Note that TACACS and XTACACS do not encrypt the traffic between the access server and the authentication server; only the later TACACS+ does.
