GMO's List of Free Network Security and Monitoring Tools


Until very recently you had to have some know-how to crash a kernel. Not anymore. Any fresh-faced newbie can download a kiddie-script, fire off a vulnerability scan and, in no time, come up with a nice juicy target list. Along with breathtaking advances in computer technology has come a vast proliferation of easy-to-use computer hacking programs, freely available on the Internet, and a boon to greenhorn hackers. They use programs called 'exploits', 'tools', or 'attacks' --- with names like Smurf, Teardrop, and John the Ripper.

The Pentagon, traditionally the most assailed hacking target on the Earth, undergoes 80 to 100 attacks every day.

If you are a network manager or server system administrator, you should do your due diligence to protect your own and your customers' data from these easy-to-use attack scripts.

The free tools below can assist in finding your current vulnerabilities and susceptibility to such attacks. You may require at least some limited computer skills, limited knowledge of IP networks and limited knowledge of operating systems to utilize these tools effectively.

Hackers, crackers and Trojan horses: A primer --- This is an article on CNN's web site that explains the basics of hacking and the types of attacks.



Network Tools

Below is a list of programs that gather information from the network or improve the security of the network.

  • Argus --- Argus is a powerful tool for monitoring IP networks. It provides tools for sophisticated analysis of network activity that can be used to verify the enforcement of network security policies, network performance analysis and more.
    Availability: anonymous ftp at ftp.sei.cmu.edu or COAST

  • Arpwatch --- An Ethernet monitor program that keeps track of Ethernet/IP address pairings.
    Availability: anonymous ftp at ftp.ee.lbl.gov or at COAST

  • Courtney --- It is a program that tries to identify the use of SATAN on a subnet. The program tcpdump will also be needed in order to run Courtney. See below for information about tcpdump.
    Availability: anonymous ftp at ciac.llnl.gov
    Additional Info: CIAC Notes 08

  • Dig --- Dig is a network utility which queries Domain Name Servers, similar to nslookup, but it's more flexible.
    Availability: anonymous ftp at venera.isi.edu or at COAST

  • Drawbridge --- Powerful bridging filter package.
    Availability: anonymous ftp at net.tamu.edu

  • Fping --- An efficient way to test whether a large number of hosts are up.
    Availability: anonymous ftp at slapshot.stanford.edu

  • IPACL --- Filters incoming and outgoing TCP and UDP in a SVR4/386 kernel.
    Availability: anonymous ftp at ftp.win.tue.nl or at COAST

  • ISS --- Checks hosts within a specified range of IP addresses for various security vulnerabilities in sendmail, anonymous FTP setup, NFS and many more. Produced by ISS.
    Availability: anonymous ftp at aql.gatech.edu or at COAST
    Additional Info: CERT Advisory 93:14.Internet.Security.Scanner

  • Klaxon --- It is a daemon that is used to identify the use of port scanners like ISS and SATAN.
    Availability: anonymous ftp at ftp.eng.auburn.edu or at COAST

  • Netlog --- Network logging and monitoring of all TCP and UDP connections on a subnet. Netlog also includes tools for analyzing the output.
    Availability: anonymous ftp at net.tamu.edu or at COAST

  • nfsbug --- ?? Tickles an NFS bug.
    Availability: anonymous ftp at COAST

  • NFSWatch --- NFSWatch monitors NFS requests and measures response time for each RPC.
    Availability: anonymous ftp at COAST

  • Pidentd --- Identd tries to identify the remote user name of a TCP/IP connection. Identd is an implementation of RFC 1413.
    Availability: anonymous ftp at ftp.lysator.liu.se
    or ftp.csc.ncsu.edu
    Additional Info: RFC 1413

  • Rscan --- Rscan is an extensible network scanner that checks for common network problems and SGI-specific vulnerabilities.
    Availability: anonymous ftp at ftp.vis.colostate.edu
    Additional Info: Rscan: Heterogeneous Network Interrogation

  • SATAN --- SATAN is a program that gathers network information such as the type of machines and services available on these machines as well as potential security flaws.
    Availability: anonymous ftp at ftp.win.tue.nl or at COAST. Also see fish.com for a list of mirror sites.
    Additional Info: Cert Advisory CA-95:06.satan

  • Scan-Detector --- Scan-detector determines when an automated scan of UDP/TCP ports is being done on a host running this program. Logs to either syslog or stderr.
    Availability: anonymous ftp at COAST
    Additional Info: COAST Projects' Tools

  • screend --- Program by Jeff Mogul at DEC.
    Availability: anonymous ftp at COAST

  • Netscape Secure Sockets Layer --- Netscape SSLRef is a reference implementation of the Secure Sockets Layer protocol intended to aid and accelerate developers' efforts to provide advanced security within TCP/IP applications that use SSL. SSLRef consists of a library, distributed in ANSI C source-code form, that can be compiled on a wide variety of platforms and operating systems and linked into an application program. It's free for noncommercial use and available now.
    Availability: apply to download at Netscape

  • Simple Key-Management For Internet Protocols (SKIP) --- SKIP adds privacy and authentication at the network level.
    Availability: USA and Canada--via web form
    Availability: International--anonymous ftp at ftp.elvis.ru
    Additional Info: SKIP Information and SKIP in Russia

  • S-Key --- Software-based one time password scheme.
    Availability: anonymous ftp at COAST

  • Strobe --- Strobe displays all active listening TCP ports on remote hosts. It uses an algorithm which efficiently uses network bandwidth.
    Availability: anonymous ftp at suburbia.apana.org or minnie.cs.adfa.oz.au or at COAST

  • TCP Wrapper --- Allows a Unix System Administrator to control access to various network services through the use of access control lists. It also provides logging information of wrapped network services which may be used to prevent or monitor network attacks.
    Availability: anonymous ftp at ftp.win.tue.nl or at COAST
    Additional Info: TCP Wrapper

  • Tcpdump --- It captures and dumps protocol packets to monitor or debug a network.
    Availability: anonymous ftp at ftp.ee.lbl.gov or at COAST

  • Traceroute --- Traceroute traces the route IP packets take from the current system to a destination system.
    Availability: anonymous ftp at ftp.psc.edu or at COAST

  • Xinetd --- It's a replacement for inetd which has extensive logging and access control capabilities for both TCP and UDP services.
    Availability: anonymous ftp at qiclab.scn.rain.com or at COAST

System Monitoring Tools

Below is a list of programs that help check the security of a system.

  • COPS --- COPS (Computer Oracle and Password System) is a security program that tries to identify security risks on a Unix system. It checks for empty passwords in /etc/passwd, world-writable files, misconfigured anonymous ftp and many others.
    Availability: anonymous ftp at ftp.cert.org or at COAST

  • Lsof --- lsof displays all open files on a UNIX system.
    Availability: anonymous ftp at vic.cc.purdue.edu or at COAST

  • Merlin --- Merlin is an interface to five popular security packages (COPS 1.04, TAMU Tiger 2.2.3, Crack 4.1, Tripwire 1.2, and SPI 3.2.2) to make it easier to analyze and manage the data.
    Availability: anonymous ftp at ciac.llnl.gov
    Additional Info: Merlin Information

  • Swatch --- Swatch is a package used to monitor and filter log files and execute a specified action depending on the pattern in the log.
    Availability: anonymous ftp at ee.stanford.edu or at COAST

  • Tripwire --- Monitors for changes in system binaries and configuration files. It is a static file integrity checker utilizing many hash algorithms including MD5.
    Availability: anonymous ftp at COAST
    Additional Info: Tripwire

  • TTY-Watcher --- TTY-Watcher monitors, logs and interacts with all of the tty devices on a system.
    Availability: anonymous ftp at COAST
    Additional Info: TTY-Watcher

  • Tiger --- Checks for known security vulnerabilities of Unix workstations. It is similar to Cops with many extensions.
    Availability: anonymous ftp at net.tamu.edu or at COAST

Others

  • Stalker by Haystack Labs
  • Berkeley Packet Filter
  • RealAudio and Firewalls
