By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to General free tools this week include: Portable OpenSSH, sftp, AES encryption, Apache and Linux Kernel.
Auditing and Intrusion Monitoring tools include Nmap, Snort, SAINT, libnids and 8 other tools.
Firewalls for UNIX/Linux/BSD & Cross-platform include 5 tools and FwLogWatch which looks interesting.
Tools for Linux/Unix/Cross Platform include AMaViS, Immunix and 13 other tools. Generic Software Wrappers Toolkit 1.5.0 is a completely new tool in the digest and seems to be of interest.
Tools for Windows include 12 tools (most of them come from Foundstone).
SSH
- Portable OpenSSH
Damien Miller
http://www.openssh.com/portable.html
This is a Unix/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. OpenSSH also features an independent implementation of the SSH2 protocol.
Changes: OpenSSH is also designed to run on MacOS X.
- sftp 0.9.6
Brian Wellington
http://enigma.xbill.org/sftp
Sftp is an ftp replacement that runs over an SSH tunnel. Two programs are included - sftp and sftpserv.
Comment: no new release of 0.9.6, but the author noticed that: sftp should work with ssh1, ssh2 (although early versions of F-secure ssh2 don't work for some reason), and rsh (if rsftp is used), with all known forms of authentication. If it doesn't work in some configuration, it's a bug and should be fixed.
Apache 1.3.14 - Apache 2.0a Alpha
Apache Software Foundation and The Apache Server Project
http://www.apache.org/dist
Apache 2.0a Alpha is now available for alpha testing.
Changes: new alpha version 2.0a. For more information about the changes, please consult http://www.apache.org/dist/CHANGES_2.0a
AES Encryption for Shell Scripts 0.6 (devel.)
Eric Lee Green and Randy Kielber
http://aescrypt.sourceforge.net
AES Encryption for Shell Scripts provides strong encryption/decryption using the Advanced Encryption Standard algorithm "Rijndael" to do 128-bit encryption. This program was deliberately kept extremely simple. It is not intended to be a full encryption solution; it is intended to be used within scripts as part of a complete solution. Key chain management, public key signatures, etc. are all expected to be done external to this program.
Current limitations: the keyfile is not encrypted. The keysize (= 128 bits) is hard-coded at the moment, despite any documentation to the contrary (need a "-s" option to specify key size). AES Encryption for Shell Scripts needs a key generator: this should be a simple shell script (use dd to grab some data, then md5sum to create a hex mix of that data, then 'awk' to grab the hex part of the output of md5sum). It relies upon having /dev/urandom (see the Ocotillo PRNG if you don't have a /dev/urandom).
Linux-2.2.18
http://www.kernel.org
New version 2.2.18 of Linux Kernel. The latest beta version of the Linux kernel is 2.4.0-test12.
Changes: This is the newest stable release. Contains additional 2.4test ABI calls for controlling how capabilities are handled when using setuid calls. Complete changelog available at http://www.kernel.org/pub/linux/kernel/v2.2/linux-2.2.18.log.
Nmap
Fyodor
http://www.nmap.org
- Wap-Nmap 1.0.1
Andrew Dhillon
http://www.hackinthebox.org/article.php?sid=1170
Wap-Nmap enables an Nmap scan from a WAP enabled device and pumps the results back to the device.
Changes: new version 1.0.1. Now works better with hand phones.
Snort 1.7 beta8
http://www.snort.org
New beta release: new version 1.7 beta8 has been released. No information about updates and changes.
Updated Ruleset - by Jim Forster. I've updated the current snortfull.conf file today, with some repairs and updated information on many of the rules. (MANY thanks to Joe McAlerney and Roel Jonkman of Silicon Defense for the work on this!). Updates include CVE References, BUGTRAQ IDs, and MCAFEE IDs. McAfee ID's for the Virus and Worm rules can be looked up at http://vil.nai.com/vil/dispVirus.asp?virus_k=ID NUMBER. As usual, let me know of any problems with this release. You can download this updated set at http://www.snort.org/snort-files.htm#Rules
SAINT v. 3.1.1
World Wide Digital Security, Inc.
http://www.wwdsi.com/saint
Saint is a security scanning tool based on Satan.
Changes: new vulnerability checks in this version: check for Microsoft PhoneBook Server, check for multiple vulnerabilities in Serv-U FTP Server, check for vulnerability in MailMan. This new version also fixes source code to compile on non-ANSI C compilers.
Libnids 1.16
Rafal Wojtczuk
http://www.packetfactory.net/Projects/Libnids
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection. The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behavior of protected Linux hosts as closely as possible. Libnids is highly configurable in run-time and offers a convenient interface. Currently it compiles on Linux, *BSD and Solaris. WIN32 port is maintained separately here. Using libnids, one has got a convenient access to data carried by a TCP stream, no matter how artfully obscured by an attacker. You may have a look at a sample application.
Changes: release forced by a security bug. A typo in libnids.c could cause libnids to segfault when source routed frame has been received.
FCheck 2.07.55
Michael A. Gumienny
http://sites.netscape.net/fcheck/fcheck.html
FCheck is a PERL script written to generate and comparatively monitor a UNIX system against its baseline for any file alterations and report them through syslog, console, or any log monitoring interface. Monitoring events can be done in as little as one minute intervals if a system's drive space is small enough, making it very difficult to circumvent. This is a freely-available open-source alternative to 'tripwire' that is time tested, and is easier to configure and use. It runs under Unix and Windows NT/9x/3.x. (MD5: Not Generated)
Changes: new version 2.07.55 available - no further information regarding enhancements or changes.
Qaudit.pl 02
Vade79
http://www.fakehalo.org
Qaudit.pl is a script for quickly auditing .c and .cc source files. It checks for standard stack/heap overflows, format bugs, exec calls, env vars and miscellaneous functions related to possible security issues. This may not always be the best way to go about auditing, since it is not as good as doing it by hand, but I have found it to be rather useful for simple auditing.
Changes: version 02 released.
Uptime Client 4.14 - Devel: 4.2.1.17
Alex de Haas
http://uptimes.atomicvoid.net
Uptime Client is a little program that keeps track of your uptime and sends it to a server where you can compare it to many other hosts and browse through various statistical information.
Changes: new development version 4.2.1.17 released. The version numbering of the Uptime Client has changed (read the README for an explanation). The client has been updated for the Uptimes Protocol 4.2 (for details: http://www.uptimes.net/stuff/protocol.html). Initial attempts to add the support for a configuration file - in other words: it's there, but it's dirty. This version includes a better Makefile and the code and code layout have been cleaned up. The INSTALL and README files have been updated.
Linux dshield.org Perl Client 0.1
Rob Casey
http://www.dshield.org
The Linux dshield.org Perl Client package consists of an updated Linux dshield.org Perl client for submitting kernel firewall filter log entries to dshield.org. It has been written to implement tighter coding and better processing than the Perl client currently available on dshield.org.
TcpSpy 1.4
Tim J. Robbins
http://box3n.gumbynet.org/~fyre/software
TcpSpy is a Linux administrator's tool that logs information about incoming and outgoing TCP/IP connections: local address, remote address and, probably the most useful feature, the user name. The current version allows you to include and exclude certain users from logging - this may be useful if you suspect one of the users on your system is up to no good but do not want to violate the privacy of the other users.
Changes: new version 1.4 released. This version allows logging of the filename of the executable that created or accepted connections. Assorted bug fixes and code cleanups. Too many changes between version 1.2 and 1.3 to mention here, please see the TcpSpy for details. The major difference is the addition of the 'rule engine'.
Integrity checking utility (ICU) 0.1
Andreas Östling
http://nitzer.dhs.org/ICU/ICU.html
ICU (Integrity Checking Utility) is a PERL program used for executing AIDE filesystem integrity checks on remote hosts from an ICU server and sending reports via email. This is done with help from SSH.
Distributed Port Scanner 0.0.1
Chris Bechberger
http://www.geocities.com/bechberger
Distributed Port Scanner consists of a server that controls clients and tells them what port on the target machine to scan.
Zorp 0.6
Balazs Scheidler
http://www.balabit.hu/products/zorp
Zorp is a new generation proxy firewall suite running on Linux platforms. Its core framework allows the administrator to fine-tune proxy decisions (with its built in script language), fully analyze complex protocols (like SSH with several forwarded TCP connections) and utilize outband authentication techniques (unlike common practices where proxy authentication had to be hacked into the protocol). FTP and HTTP protocols are fully supported with an application-level proxy.
Changes: first stable version Zorp 0.6.0 released.
FwLogWatch-0.0.27
Boris Wesslowski
http://www.kyb.uni-stuttgart.de/boris/software.shtml
FwLogWatch analyzes the IPchains packet filter logfiles and generates text and HTML summaries. It features real-time anomaly response capability and has an interactive report generator. FwLogWatch has the following features:
Log summary mode: options to find and display relevant patterns in connection attempts. Intelligent selection of certain fields. It can separate recent from old entries and detects time-warps in log files. It includes plain text and HTML output with sort options. Integrated resolver for protocols, services and host names. Own DNS cache for faster lookups. Detects and processes IPchains, netfilter/iptables and Cisco log entries.
Interactive report mode: the integrated report generator fills and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response and coordination centers (CERT/CC). Supports templates and incident number generation. All fields can be adjusted as needed interactively.
Real-time response mode: the program detaches and stays in the background as a daemon. It detects if the necessary IPchains rules with logging turned on exist. Response can be a notification (a log file entry, an email or a remote winpopup message), a firewall modification or anything that can be invoked in a shell. In block mode a new chain for FwLogWatch is added and attackers are completely blocked with new firewall rules. Supports trusted hosts (anti-spoof).
Changes: Solaris portability patches, added at_least option, added basic Cisco support, added basic netfilter support, extended the man page and added some options to the command line that were available only in the configuration file, improved web interface, colors of the HTML output can be changed in the configuration file, multiple actions can be combined in real-time response mode, added mail notification option to real-time response mode, added sort order options, added daemon status display through own web server. Various small fixes, several internal optimizations and various fixes and code cleanups.
Comment: FwLogWatch is updated on a regular basis. It seems to be a really good tool that should be tested by people interested in firewalls.
MmTcpFwd 0.4b
Matthew Mondor
http://mmondor.rubiks.net
MmTcpFwd is a port forwarder daemon for Linux firewalls, a superserver which starts a standalone, non-root daemon per service. It has the ability to limit connections on how many IPs and connections per IP, auto-DENY IPs upon an exceeded connection threshold, or fake services a-la portsentry. It uses a single configuration file.
Changes: this new version includes a security enhancement: noticed that the non-root port forwarders still had some file descriptors open from the parent process, resulting from fork() duplication, childs now immediately close them before starting their normal operations. This also allows to leave more free file descriptors for the system and normal forwarding activities. This fix resulted more from paranoia than from actual risks, if the remote user was somehow able to buffer overflow with some code to use the descriptors it could have become a security risk. My fd functions are very safe against that however, and not running as root also secures things a lot; mmidentd, a fake MASQ-compatible ident server I wrote also has all those security enhancements, as it is made to run on firewalls. The version 0.4b includes now a standard Makefile: it allows easier compilation, using CFLAGS env var, it can now link with shared libraries and makes the executable much smaller. It also permits to make clean and make uninstall.
Defcon4 v4.5
Brad Welch
http://freshmeat.net/projects/defcon4
Defcon4 is a good starting-point firewall script to use with IPchains, and tweaked to the user's needs. It has been tested on Redhat 5.x, 6.x all kernels above 2.2.x.
Changes: version 4.5 of Defcon4 released - no further information regarding enhancements or changes.
Ferm 0.0.8
Auke Kok
http://www.geo.vu.nl/~koka/ferm
Ferm compiles ready-to-go firewall rules from a structured rule-setup. These rules will be executed by the preferred kernel interface, such as IPchains and IPtables. Ferm will also aid in modularizing firewalls, because it creates the possibility to split up the firewall into several different files, which can be loaded at will, so you can dynamically adjust your rules.
Firewall Log Daemon 1.2
Ian Jones
http://www.speakeasy.org/~roux/dmn
Firewall Log Daemon is a program written in C which will watch for IPchains or iptables log alerts in real-time. The program will start a small daemon process that parses and resolves firewall logs by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or can be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
Changes: Implemented output preprocessor templates: user definable output templates. If no output template is defined, the hard-coded output will result. Changed command line options: "-t <template>" to designate output template, "-l <logfile>" to override hardcoded default logfile, "-m" for mixed logging environments (tables and chains together), "-e <mail>" to specify the email target in daemon mode, "-s" to disable extended port lookups (use getservbyport instead). Moved icmp lookups to file access instead of hardcoded. Fixed problems with buffer file, no more lost logs between reboots. Fixed pid file not being deleted if daemon aborts at startup. Included routines for user setup errors. Fixed internal buffer overrun hazard, memory checks. Fixed signal handling to use sigaction instead of signal().
AMaViS
Christian Bricart
http://www.amavis.org
AMaViS is a mail virus scanner tool.
Changes: An AMaViS Security Announcement was released addressing a potential hole for script viruses which has been fixed in AMaViS-Perl-10. We strongly advise you to upgrade. It fixes a potential hole for script viruses as well as a few problems with configure. Get it from this server or SourceForge. See Sourceforge for the release announcement.
Immunix System 7 (Beta)
Immunix
http://www.immunix.org/download2.html
Immunix System 7 is based mostly on the Redhat Linux 7.0 distribution. It has been rebuilt with the latest (as of October 2000) Immunix Stackguard enhancements to the egcs compiler and Immunix FormatGuard enhancements to the glibc libraries. We have also included the Immunix Subdomain kernel module and OpenWall kernel patch for added security.
Egressor 1.0
MITRE's Cyber Resource Center Development Team
http://www.packetfactory.net/Projects/Egressor
MITRE has released a freeware tool that allows a company to check the configuration of their Internet point-of-presence router. The tool will help companies determine whether their routers are configured to the Help Defeat Denial of Service Attacks guidelines. This configuration of egress filtering reduces the chance that their computers can unwittingly contribute to a distributed denial of service attack. The tool has two parts: a generator and a receiver. The test generator (or "client") is being provided as C source code and the test receiver (or "server") is a PERL script. Both are currently known to work on LINUX, and the server also works on Solaris.
unrm v0.91
Octavian Popescu
http://hideout.art.ro
Unrm is a small linux utility which can, under some circumstances, recover almost 99% of your erased data (similar to DOS's undelete).
Changes: for more accuracy, searches your data among all the erased data in that day.
Generic Software Wrappers Toolkit 1.5.0
NAI Labs SEE Group
http://www.pgp.com/research/nailabs/secure-execution/wrappers.asp
The Generic Software Wrappers Toolkit allows you to wrap closed-source applications to constrain or transform their behavior. Wrappers are written that intercept system calls and other system events, and allow you to deny, transform, log, or augment the system events. They are written in a custom language that abstracts away many of the gritty issues, allowing the wrapper author to concentrate on policy. Sample wrappers include dbfencrypt, which provides transparent access to "encrypted" files; controlledx, which limits the programs a process can execute; and id-seq, a trainable sequence-based intrusion detection wrapper.
PAM SecureMediaXS 1.5
Igmar Palsenberg
http://projects.jdimedia.nl/index.phtml?ID=crypto
PAM SecureMediaXS is a PAM module that authenticates a user using challenge-response. All tokens that support ANSI X9.9 are currently supported and it provides full support for CryptoCard RB1 tokens. With PAM SecureMediaXS module, authentication works the following way: the computer asks the user who he is; this is the normal Login: prompt. Then the computer generates a random number and this number is given to the user. The random number is DES-encrypted with the user's 56 bit key. The user punches the random number into his calculator, and types in the return-value and finally the computer compares the response the user punched in with his own calculation. If the two calculations match, the user is who he claims to be, and is granted access. Otherwise access is denied.
Mmidentd 0.1b
Matthew Mondor
http://mmondor.rubiks.net/software.html
Mmidentd is a standalone ident server which can be run on masquerading Linux gateways/firewalls. It has security and capabilities similar to mmtcpfwd (See the Firewall section above). For example, it runs as a non-root user and communicates with an internal counterpart (running with root privileges) through a private pipe to allow DENYing any IP-abusing connection limits. It can handle many connections at once if wanted, and it uses pthreads.
Notice: first public release.
MimeDefang 0.6
Roaring Penguin Software - David F. Skoll
http://www.roaringpenguin.com/mimedefang
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.10 / 8.11 and will alter or delete various parts of a MIME message according to a flexible configuration file.
Changes: Built in re_match functions are case-insensitive, fixes for problems with MS Outlook clients, integration with the H+BEDV virus-scanner, more flexible filter and action specifications, and a new requirement of Sendmail 8.11.
RenAttach 0.14
Jem Berkes
http://www.pc-tools.net/linux
RenAttach is an e-mail filter/processor that runs from a user's .forward file (or Sendmail). It is designed to protect end users (particularly those using Windows) from malicious e-mail attachments containing viruses or Trojans. It does NOT scan specifically for viruses, but rather renames e-mail attachments so that they can not be accidentally executed. It handles both UUEncoded and Mime encoded attachments. All incoming mail is instantly, automatically filtered.
Rule Set Based Access Control - Rsbac 1.1.0
Amon Ott
http://www.rsbac.org
Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
Changes: this version was ported to 2.4.0-test11. sys_mmap and sys_mprotect are now intercepted.
Stealth Kernel Patch 2.2.18
MadCamel
http://www.energymech.net/madcamel/fm
Stealth IP Stack is a kernel patch for Linux 2.2.18 which makes your machine almost invisible on the network without impeding normal network operation. Many denial of service attacks, such as stream, are much less effective with this patch installed, and port scanners slow to a crawl. It works by restricting TCP RST packets (no "Connection Refused"), restricting ICMP_UNREACH on udp (Prevents UDP portscans), restricting all ICMP and IGMP requests. A sysctl interface is used so these features can be turned on and off on the fly.
Changes: new version 2.1.18. Stealth has been ported to Linux 2.2.18.
Defile v.1
Sil
http://www.antioffline.com
Defile v.1 is a shell script which automates the secure removal of trivial files such as cookies, cache, etc., as well as old and unnecessary files such as core dumps, dead.letters, etc. It uses a package which ensures a pseudo random wiping compliant to U.S. Department of Defense standard and adds an hourly cron to ensure those files are wiped.
Drall 1.2.0.2 - devel: 1.3.4.0
Henrik Edlund
http://www.edlund.org/hacks/drall/index.html
Drall is a script which allows users to access their directories and files remotely without the need of using insecure FTP and telnet. It enables the user to treat the remote file system as if it was on their local hard disk through a normal web browser. The interface resembles the well known Norton Commander (of DOS fame) and Midnight Commander (of UNIX fame). A dual-frame interface makes it easy to see an overview of the file system and the modular design means you only use the features you need. Drall is written in Perl for easy customization and expansion.
Changes: New development version 1.3.4.0. Added a check so that there actually is an authenticated user before trying to do any suid stuff, and fixed so that the username and session variables in the script URL are escaped.
Averist 1.1.0.2
Henrik Edlund
http://www.edlund.org/hacks/averist/index.html
Averist is a module that adds an authentication layer to any CGI application written in Perl. It supports initial authentication through CGI (form), and it can use CGI (hidden form fields) or cookies for re-authentication after a configurable timeout. It can also use a local or remote SQL database or DBM file for storing the session keys for increased security. The username and password check at the initial authentication can be done via an LDAP directory, an SQL database, a DBM file, or a passwd style file. Averist is written in Perl for easy customization and expansion.
LinearC Beta
KPL - Knowledge Propulsion Laboratory
http://linearc.kplab.com/download.html
KPL, or Knowledge Propulsion Laboratory, has opened beta testing for LinearC, a privacy-protecting filtering proxy. LinearC was first announced at Toorcon Security Expo in a talk by KPL's Chief Scientist. Privacy vulnerabilities relating to the :CueCat, images loaded through FTP and others are taken care of. In addition, cookies are stored on the proxy and easily expired or deleted. It runs under FreeBSD, Linux, MacOS, Windows 2000, Windows 95/98 and Windows NT.
NTLast 3.0
Foundstone
http://www.foundstone.com/resources/tools.html
NTLast v3.0 is a security audit tool for Windows NT. It can help identify and track who has gained access to your system, and document the details. Includes raw time output for Excel analysis and additional features for Webmasters.
Forensic Toolkit 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
Forensic Toolkit v2.0 is a file properties analyzer designed to examine NTFS files on a disk drive for unauthorized activity. Lists files by their last access time, search for access times between certain time frames, and scan the disk for hidden files and data streams. Dump file and security attributes. Report on audited files. Discover altered ACL's. See if a server reveals too much info via NULL sessions.
Patchit 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
Patchit v2.0 is a file byte-patching utility. This is driven by a simple scripting language. It can patch sequences of bytes in any file, search for byte patterns (with wildcards) and also extract and utilize DLL exported function addresses as source positions in files to be patched.
Attacker 3.0
Foundstone
http://www.foundstone.com/resources/tools.html
Attacker is a TCP/UDP port listener/attack warning program. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). Can minimize to the system tray and play an audible alert. This program is intended to act as a guard dog to notify you of attempted probes to your computer via the Internet.
BOPing 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
BOPing is a scanner for the infamous Back Orifice program. It is many times faster than the ping sweeper built in to the original client program. This is intended as a vigilante tool to notify victims who unknowingly have the Trojan on their system. It includes the ability to notify detected victims by sending them a BO message box message directly from within the program. This is first and foremost a simple tool for network administrators to perform a quick scan of their local area networks. Do not attempt to use this program against computers on the Internet that you have no right to scan since you are highly likely to be tracked down and attract the attention of your ISP and have your account terminated.
DDoSPing 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
DDoSPing is a remote scanner for the most common Distributed Denial of Service programs (often called Zombies by the press). These were the programs responsible for the recent rash of attacks on high profile web sites. This tool will detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings, although setup of each program type is possible from the configuration screen. Scanning is performed by sending the appropriate UDP and ICMP messages at a controllable rate to a user defined range of addresses.
FileWatch 1.0
Foundstone
http://www.foundstone.com/resources/tools.html
FileWatch (originally called ICEWatch 1.x) is a small utility that can monitor a given file for changes. Monitoring can detect file size changes or simply file writes, both with minimal impact on system resources (no polling is performed). The primary use of this utility is for monitoring changes in the log file of a personal firewall program and being able to spawn a separate application when changes are detected, but the tool can be applied to any number of other uses.
NTO Max 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
NTO Max is a pro-active tool to find holes before hackers do. Never "goes out of date". A scriptable server stress testing tool. This tool takes a text file as input and runs a server through a series of tests based on the input. The purpose of this tool is to find buffer overflows or DoS points in a server. Be aware that the script file must be terminated by double carriage return, or you will get a script failure error when running NTOMax.
Freeware Features: trial parameter lets you view the buffer to be sent w/o sending it, v parameter now toggles on verbose output - off by default, norecv parameter turns off the initial receive after initial connect - on by default and reopen parameter turns off/on ability to reopen connections before sends.
NTO Tools 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
New Seek and Destroy Toolkit includes four powerful network tools: NTOLoga - Powerful, network wide backup/clear utility for NT logs, LServers - NetBIOS name dumper, NPList - NT network process dumper, and NTODrv - NT network driver/service dumper.
Blast 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
Blast 2.0 is a small, quick TCP service stress test tool. Blast does a good amount of work very quickly and can help spot potential weaknesses in your network servers. For a detailed explanation and examples of usage of this tool, please read the .txt file included in the zip.
ShoWin 2.0
Foundstone
http://www.foundstone.com/resources/tools.html
Displays useful information about windows by dragging a cursor over them. It will also display hidden password editbox fields (text behind the asterisks *****) and can enable windows that have been disabled and unhide hidden windows. ShoWin runs under Windows 95/98 and Windows NT.
ICQr Information 1.3
Moritz Bartl
http://www.headstrong.de/cgi-bin/download.cgi?icqrinfo
ICQr Information reads out information stored in ICQ 99a, 99b and 2000a .DAT files, including user passwords, personal information (such as address) and even deleted contacts.
Note: tools announced on forums like SecurityFocus are not necessarily updates or new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 14 December, 2000