|
ippacket
Generates IP/TCP/UDP/ICMP packets, with a curses interface
ipsend
Generates TCP/IP packets with a scripting language
(Darren Reed)
SPAK
Module generates TCP/IP packets by a shell pipe (IP, TCP, UDP)
(
Karyl F. Stein)
TOD
Touch of Death. Is able to kill connections, if used with
sniffit (
Brecht Claerhout
)
udpprobe
Send and receive UDP Packets
|
Network Scanning and Diag
|
nmap
good Port scanning tool which supports all well-known methods. On the namp Page is a link list of other scanning tools, too.
netdiag
Collection of Diagnosis Tools: strobe, tcpspray, trafshow, statnet, netwatch, tcpblast and netload. Source can be found on all Debian Mirrors in source/net/netdiag*.tar.gz
netcat
from Hobbit -
Swiss Army Knife for TCP and UDP (like socket). Simple Port
Scanner, simple Port redirector and simple access to sockets from Scripts.
iptraf
LAN statistic utility for Linux
btng
Beholder, The Next Generation RMON compliant Ethernet monitor
Trinux
A Linux Security Toolkit. Boot-Disks with some Scan/Sniff Tools
smb-nat
SMB Network Analysis Tool (1.0 and 2.0beta)
ADMsmb
ADM smb is a security scanner for Samba/LAN Manager Server Message Blocks/Window Shares from the ADM CreW
PortScanner
a simple TCP Portscanner
DOSTracker
MCI's DOSTracker can recognize and trace quite a few Deny-Of-Service Attacks on CISCO Networks back to the entry point of the attack.
queso
Queso identifies operating systems via the TCP packet signature
SmbScanner
SMB (Windows Share) Scanner by !Hispahack
traffic-vis
can visualize amount of traffic on IP networks between hosts
satan
Scanner with Web Frontend from Dan Farmer and Wietse Venema (look at his papers and tools)
Nessus
a security Scanner for Linux, *BSD*, Solaris and NT with different Frontends like Java and GTK
gate
Modular Linux Scanner Uses a user-friendly Curses GUI
saint
scanner based on Satan (not realy free)
COPS
a Un*x host security tool from Dan Farmer
Tiger
'tiger' is a set of scripts from TAMU that scan a Un*x system looking for security problems, in the same fashion as Dan Farmer's COPS.
Hunt
The main goal of the HUNT project is to develop a tool for
exploiting well known weaknesses in the TCP/IP protocol suite.
It implements some "new" features which apparently are not
available in any other free product.
tcpdump
Uses libcap to capture network packets
sniffit
Packet Sniffer (Brecht Claerhout)
epan
offline protocol analyser for tcpdump ([html] Peter Tobias)
tcpshow
reformats tcpdump output ([mail] Mike Ryan)
ITA
List of software in the Internet Traffic Archive, used to analyse, simulate and anonymize traffic
Argus
CMUs Network Monitoring Tool. Note: Argus 1.7 is ported to a lot of architectures, but it is not Free anymore.
karpski
A Gtk based sniffer with a nice GUI, well suited for ARP monitoring
ethereal
it's a utility that lets you capture and analyze network traffic. Based on GTK.
IPAC
IP Accounting Frontend to ipfwadm
netlog
TAMUs network logging toolkit [dir] including logging monitors for UDP and TCP, an extractor, and [txt] netwatch a real time network monitor
KSniff
KSniff is a packet sniffer/analyzer developed for the KDE
project which supports plugins written in TCL.
netwatch
Netwatch allows a user to monitor an Ethernet segment or PPP
line and examine activity on the network.
TODO:
ipgrab
icmpinfo
ESniff
net-acct
arpwatch
getethers
trafshow
ip daemons
|
IP Filter, NAT, VPN, IP encryption
|
CIPE
Crypted IP Encapsulation (Daemon and Module for Linux). Very lightweight secure VPN Solution by Olaf Titz
IP Filter
(TCP/IP Packet Filtering package for *BSD* based Systems and Linux including NAT, transparent Proxies and statefull screening.
masq/masqd
for Linux and winmasq
the win32 frontend from Jaume Miralles.
ipfwadm paper
about Linux build in packet filter by Jos Vos.
ipchains
the new Linux IP Filter
The Linux FreeS/Wan Project
with IPSEC, ISAKMP/Oakley and DNSSEC
sf firewall
dynamic statefull packet filter for Linux.
Linux IP-NAT Forum
real RFC NAT with Linux 2.0 from Michael Hasenstein
VPN for OpenBSD
in the current-tree of OpenBSD you can find a IPsec implementation
and a photurisd key management daemon. This is documented in [html] vpn(8).
ppptcp
Tunnel PPP over an arbitrary TCP connection
PPP on top of SSH
simple scripts to build a VPN based on SSH
drawbridge
TAMU's Filtering Bridge, a firewall Solution. Old Versions where running on DOS, the current version [dir] is running on FreeBSD.
VPS
Virtual Private Server for building VPNs based on PPP-over-SSH
GnuPG
The GNU Privacy Guard, a free PGP (2.6, 5.x, OpenPGP)
psst
... A free Shecure Shell Implementation
CTC
is a freeware PGP-interoperable encryption software package (including a PGP lib and a Mac Client)
SSLapps FAQ
about aaplications based on SSLeay
SRP Telnet and FTP
Secure Remote Password Project
Nautilus
Secure voice conversation
PGPPhone
Freeware Voice-over-IP Solution for Win32 with PGP security
Cryptonite
pure Java package for strong encryption
gPGPshell
gtk-interface to PGP and GnuPG
|
Superservers and TCP Wrappers
|
xinetd
xinetd is a replacement for inetd, the internet services daemon
UCSPI tcpserver
tcpcontrol
TCP Wrapper
g2s
An interesting inetd replacement including tcpwrapper/chrootuid/relay
tcp_server
small and simple tcp server
|
API-level Emulators and Proxies
|
API-level Emulators and Proxies
Port Forwarders
rinetd
redirects multiple tcp connections to remote hosts (behind the firewall)
from Thomas Boutell at Boutell.Com, Inc
redir
simple TCP Port redirector
netcat
See describtion in Section Network Scanning
socket
The program implements access to TCP sockets from shell level.
plugdaemon
Daemon to redirect connections, with some support for load balancing from Peter da Silva
uredir
simple udp redirector
Mail
IspMailGate
a general-purpose email filter integrated into sendmail, written in Perl and based on the MIME-tools. (not realy free)
smtpd/smtpfwd
Free Store+Forward SMTP Relay with Header-Filtering
Secure Tunnels
ssh (not realy free)
sslwrap
inetd redirector for SSL to unsecure services like POP3 or HTTP
stunnel
SSL wrapper like sslwrap can run from inetd or standalone,
can wrap remote services
HTTP (and CONNECT for SSL)
NNTP (News)
Misc Protocols
ByPRoxy
A personal Proxy for Filtering Internet Access (HTTP, SMTP, POP3, NNTP) (not realy free)
tircproxy
A Proxy for IRC (Internet Relay Chat) featuring DCC support by Bjarni Einarsson
DeleGate
Proxy/Cache/conversion/server for multiple protocols (FTP, HTTP, NNTP, ...) runs on different platforms
xgate
allows X11 connections through one-way firewalls like socks.
FreeTDS
free implementation of Microsofts and SyBase' TDS (Tabular DataStream) database client access protocol
bnc
a simple irc bouncing (proxy) tool
|
Authentication and Directory Services
|
xtacas
an extended Version of Cisco's TACAS Server by Vikas Aggarwal
Cistron RADIUS server
by Miquel van Smoorenburg
Mig's RADIUS LAbs
some summaries on the Linux-radius list
Lucent RADIUS
RADIUS Whitepaper, FAQ and Server
RADIUS Services for NDS
Novell offers this for free download
Basic Merit AAA Server
The Server formerly known as Merit Radius Server
LDAP at U-M
free Server and Clients for LDAP and X.500
Linux directory services
integrating LDAP into Linux (as a replacement for NIS)
Innosoft's LDAP World Implementation Survey
including free implementations
GAP
the General Authentication Protocol by Olaf Titz.
ident2
rewrite if an identd/auth protocol server
OpenLDAP
LDAP Tools based on the UMich's LDAP
Simple Distributed DataBase (SDDB)
a system designed to hold network directory type information across multiple machines. It is
designed to be an intranet level service rather than in an internet level
one. It allows updates to occur in multiple places (seperated by WAN links)
and yet the data to be merged into one seamless directory.
Integrity Checking
Tripwire
NCSfck
file integrity checker (like tripwire)
Nannie
It monitors system files for change in inode, size, etc. and notifies you if a change occurs.
Attack Detection
Gabriel
tocsin
courtney
Abacus Sentry
Detects TCP and UDP Port scaning, including stealth scans (not realy free)
|
Network Management, Data Collecting
|
gxsnmp
the GNOME Network Management Application. On this page you find some good links to SNMP Solutions
Scotty and Tkined
TKined is small and nice network management station based on Scotty which extends TCL with interesting network capabilkities.
Hummingbird Project
distributed data collecting with Postgres SQL backend
Pong3
system management tool
ucd-snmp
SNMP suit from the UC Davis, including support for Linux ipfwadm
psntools
managing a great number of user accounts at a site
PIKT
monitors systems, reports problems, and fixes those problems automatically whenever possible
cheops
GTK network shell which maps hosts and offers tools to work on them, uses portscanner and queries OStype
swatch
Logcheck
Fast and Reliable Log File Auditing (not realy free)
wots
WOTS is a logfile monitoring utility written in perl5. It's based on swatch but is brand new.
squij
analyse squid logfiles for refresh pattern setting
logscanner
a logscanner which can perform realtime notifications
|
Firewall Configuration and Adminstration UI
|
FCT
Fireall Configuration tool can generate ipfwadm and IPFilter Rules
ipfwadm dotfile module
makes setting up of ipfwadm files for simple installations easy.
John Hardin wrote that module for Jesper Pedersen's
[html] Dotfile Generator.
Mason
shellscript which generates ipfwadm rules by sniffing actual traffic patterns ([mail] William Stearns)
DNi
IP Filtering Firewall script for dial-up users based on javascript for Linux' ipfwadm
Fake
relace existing systems with backup servers (hot spare backup systems)
|
Operating Systems (Kernel, Patches, Extensions, Hardening)
|
Linux
FreeBSD
OpenBSD
pretty secure OS
NetBSD
Rule Set Based Access Control for Linux
Titan
is a collection of programs, each of which either fixes or tightens one or more potential security problems with a particular aspect in the setup or configuration of a Solaris/Unix system. Conceived and created by Brad Powell, it was written in Bourne shell, and its simple modular design makes it trivial for anyone who can write a shell script or program to add to it, as well completely understand the internal workings of the system.
Trinoo
Diverse stuff related to DDoS (Distributed Denial of Services). Docs and tools can be found here.
Freestone
from SOS Corporation
Patches for Security Tools from SOS.
Juniper Firewall Toolkit
from Obtuse Systems Corporation
Freier Store und Forward SMTPd
Utilities Sammlung from Obtuse.
The Firewall Toolkit
from TIS
FWTK FAQ
A lot of information and the Patches for transparent support
qmail
newer, faster and more secure Mail Transfer Agent.
RIGAT
Remote Integrated Graphical Administration Tools.
BlackMail SPAM Protection
[email protected]
JNet
|
