tarballed
June 9th, 2003, 21:35
I was reading some articles today at work during some downtime and I came across a few tools that I've heard of, but I don't hear about a lot.
So I started thinking and thought I'd just start a thread here on what are peeps' favorite network and security tools, as well as what tools they recommend that other people have on their network.

For instance, snort is obviously a favorite tool. What about other tools, such as portsentry, tripwire, nagios(?), nessus, netcat and tcpdump for example.

Anyone want to take a minute to share their fav utilities as well as what utilities they recommend to secure a network?

Let the posting commence!

Tarballed

bsdjunkie
June 9th, 2003, 21:40
Here's a good starting point for a few tools :roll:

http://www.insecure.org/tools.html

tarballed
June 9th, 2003, 23:43
Ya, I saw that list almost two weeks ago when it came out.

Very good list. I found some tools that I really like.

I was just curious to see what people here liked, and why. Maybe some cool examples of how they have set it up in the "real world", so to speak.

:)

Tarballed

v902
June 9th, 2003, 23:44
nmap, snort, nc, ethereal, telnet, ettercap, and tcpdump are my favorites. Nessus is recommended a lot. tripwire sucks unless the DB's on a read-only floppy, and even then it still sucks: you can remount /mnt/floppy with /mnt/attacker's DB, etc. Oh, and my favorite, ping -f, to stop those 3 hour long kiddie scans from one IP :twisted:

frisco
June 10th, 2003, 00:52
I was just curious to see what people here liked, and why. Maybe some cool examples of how they have set it up in the "real world", so to speak.


dsniff is a great collection. arpspoof has come in handy when needing to show that switched networks aren't necessarily secure (vs. hubs). A few years ago I used it to redirect all network traffic through the wireless card on my 486 laptop. The network crawled for a couple minutes... but it was a fun exercise.

tcpdump and ethereal are great to look at general traffic. Learn to use tcpdump style rules. These are useful to verify there really isn't any plaintext moving back and forth.

nmap is a must to determine what's open/closed/filtered, what OS is running, etc. I use this on a daily basis when troubleshooting and/or verifying a host's integrity.

Knowing how to change MAC address on your machine is useful. sea.c on openbsd (google for it).

nessus can be good for diagnosing potential problems in the services a host runs, though I still remember a time I crashed a couple NT servers with it...

One thing to keep in mind: every time you learn a new tool, consider its full range of uses. For example, HEAD, part of perl's libwww, comes in handy for quickly versioning web servers, and coupling nmap output with HEAD can be a quick way of versioning all the webservers on your network. Your own ingenuity is your greatest security tool.
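The nmap-plus-HEAD trick frisco describes, written out as an added example (this is not frisco's script or any tool from the thread): it parses nmap's grepable output (`-oG`) for hosts with an open port 80 or 443, sends each one the same bare `HEAD / HTTP/1.0` request that libwww's HEAD tool sends, and pulls the `Server:` header out of the reply. The nmap output and HTTP responses embedded below are constructed for the example, not captured from a real network; `version_webservers` takes a pluggable `send` callable so the parsing can be exercised offline, and the default sender opens a real socket (TLS-wrapped on 443).

```python
"""Version every web server in an nmap scan with an HTTP HEAD request.

Added example, not code from the original thread. All sample data is
constructed: the nmap grepable output and the HTTP responses below were
made up for this example and do not describe any real host.
"""
import re
import socket
import ssl

# Constructed sample of `nmap -p 80,443 -oG - 192.0.2.0/29` output.
# Grepable port fields are port/state/proto/owner/service/rpcinfo/version.
SAMPLE_NMAP_GREPABLE = """\
# Nmap 3.30 scan initiated as: nmap -p 80,443 -oG - 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 80/filtered/tcp//http///, 443/open/tcp//https///
Host: 192.0.2.3 ()\tStatus: Down
"""

PORT_RE = re.compile(r"(\d+)/(open|closed|filtered)/(tcp|udp)//([^/]*)/")
WEB_PORTS = (80, 443)


def open_web_ports(grepable):
    """Return [(host, port), ...] for every open TCP 80/443 in -oG output."""
    found = []
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no ports
        host = line.split()[1]
        for port, state, proto, _service in PORT_RE.findall(line):
            if state == "open" and proto == "tcp" and int(port) in WEB_PORTS:
                found.append((host, int(port)))
    return found


def head_request(host, port):
    """Raw HTTP/1.0 HEAD request, the same thing libwww's HEAD tool sends."""
    return f"HEAD / HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")


def server_header(raw_response):
    """Extract the Server: banner from a raw HTTP response, or None."""
    head, _, _ = raw_response.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            return value.strip().decode("latin-1")
    return None


def _send_over_socket(host, port, request):
    """Default sender: plain TCP on 80, TLS on 443 (cert verification on;
    relax it for lab boxes with self-signed certs). Reads until headers end."""
    sock = socket.create_connection((host, port), timeout=5)
    if port == 443:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(request)
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
        return buf


def version_webservers(grepable, send=_send_over_socket):
    """Map 'host:port' -> Server banner (or an error string) for the scan."""
    results = {}
    for host, port in open_web_ports(grepable):
        key = f"{host}:{port}"
        try:
            results[key] = server_header(send(host, port, head_request(host, port)))
        except OSError as exc:
            results[key] = f"error: {exc}"
    return results


# Constructed fake responses so the example runs with no network at all.
FAKE_RESPONSES = {
    ("192.0.2.1", 80): b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n"
                       b"Content-Type: text/html\r\n\r\n",
    ("192.0.2.2", 443): b"HTTP/1.0 200 OK\r\nDate: Tue, 10 Jun 2003 00:52:00 GMT\r\n"
                        b"Server: Microsoft-IIS/5.0\r\n\r\n",
}


def _fake_send(host, port, request):
    """Offline stand-in for _send_over_socket using the constructed replies."""
    return FAKE_RESPONSES[(host, port)]


if __name__ == "__main__":
    for target, banner in version_webservers(SAMPLE_NMAP_GREPABLE, send=_fake_send).items():
        print(target, banner)
```

Against a live scan you would feed it `nmap -p 80,443 -oG - <range>` output and leave `send` at its default; keep in mind that a `Server:` banner is whatever the admin chose to advertise, so treat it as a hint to confirm, not as ground truth.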

Kernel_Killer
June 10th, 2003, 22:31
Oh man. Let's see here.

fragroute
ethereal
nmap (but of course)
bounce
BSD-airtools
John the Ripper
fakeident
hackbot
nemesis

Just to name a few.