Weekly Security Tools Digest
2000/11/18 to 2000/11/24

By Seán Boran (sean at boran.com) for SecurityPortal


Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html

To receive this digest via Email:
http://securityportal.com/subscribe.html

This is a summary of changes to free security tools over the last week.


The Rundown

Updates to favourite free tools this week include: Yassp, NessusWX, NetSaint, Dante, Mindterm SSH, Online Vulnerability Scanners.

Tools for Windows include Zebedee, Ethereal, BCWipe.

Firewalls for UNIX/Linux/BSD & Cross-platform: floppyfw, Smoothwall, Stunnel and 5 other tools.

Tools for Linux/Unix/Cross Platform: 14 items this week.


Favourite Tools

Yassp beta #15
Jean Chouanard
http://www.yassp.org

Yassp (Yet Another Solaris Security Package) is a script for hardening Solaris and also includes many useful precompiled security tools.
Change: Much tweaking has gone into betas 12, 13, 14 and 15, released in the last few days. The final release should be available very soon (once the beta has been well tested). If you are a Solaris sysadmin, please consider testing Yassp and providing input at this very important stage before the final release.

Nessus
Renaud Deraison
http://www.nessus.org

Victor Kirhenshtein has written a new Win32 Nessus client, NessusWX v0.9.2. It has a radically different interface; you should try it out if you are a Win32 user.
http://www.opticom.lv/~nessus/


NetSaint Network Monitor
Ethan Galstad
http://www.netsaint.org/

Jason Blakey has released version 4.2 of his NetSaint Easy Administration Tool (NEAT) and Sebastien Barbereau has made public a reporting tool that produces reports of equipment uptime by scanning the NetSaint logs for output from the check_ping plugin.


Dante Socks V1.1.6
http://www.inet.no/dante/

Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity.
Changes: This is a bugfix release. It fixes a problem where, if someone sent a negative hostname length, the Dante server's internal checks would detect this and it would then abort with an "internal error detected" message.


Mindterm SSH v1.00 pre1
Mats Anderson
http://www.mindbright.se/mindterm/

Comment: This tool and PuTTY are my favourite SSH clients for Windows. Although a pre-release, it looks better than v115 or 1.2.
Changes: Integrated SSH2 code into Mindterm; only works with the auth types publickey and password. Implements tunneling (also FTP). Doesn't currently support file transfer. NOTE: Not all features of the protocol are exposed in the current GUI, nor are all old features relevant with the new protocol. Removed some control-character processing in the terminal that caused problems on some JDKs/locales (especially on some Win32 implementations, where the ALT_GR key generates ctrl + alt for some obscure reason?!). Fixed bug when deleting tunnels with the tunnels setup dialog. Fixed bug in terminal: couldn't select a single character. Fixed bug (brain damage!) in terminal: slooow "select all".


Talisker's Online Vulnerability Scanners
http://website.lineone.net/~offthecuff/Onscan.htm

Talisker has started listing online scanners. The free ones listed are:

Hacker Whacker
http://www.hackerwhacker.com/
Comment: I never received an email to get this working.

ISS
https://onlinescanner.iss.net/about.html

Privacy Analysis
http://privacy.net/analyze/analyzehow.asp

Shields Up
https://grc.com/x/ne.dll?bh0bkyd2
Comment: I'm not very convinced by this site. There are several general assertions that do not seem to have foundation, and it tends to be 'sensationalist'.

Sygate Scan
http://scan.sygatetech.com/

Symantec Security Check 
http://security1.norton.com/us/intro.asp?venid=sym&langid=us

Thresher
http://www.farm9.com/Free_Tools/Windows_Test


Tools for Windows


Zebedee: Secure IP tunnel, Development v2.1.3
http://www.winton.org.uk/zebedee/

Zebedee is a simple program to establish an encrypted, compressed “tunnel” for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.


Ethereal v0.8.14
http://www.ethereal.com/

An exploit for a buffer overrun in the AFS dissector was recently released on BugTraq. Ethereal 0.8.14 fixes this and other possibly-exploitable overruns. Also new in 0.8.14 are dissectors for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, and MGCP (plugin). Other dissectors were updated as well. Be sure to upgrade to 0.8.14 as soon as possible.


SecuriTeam

BCWipe
http://www.jetico.sci.fi/index.htm

The BCWipe utility is a shell extender for Windows 95/98/NT/2000, intended to securely delete your files.



Firewalls for UNIX/Linux/BSD & Cross-platform

floppyfw 1.9.2
http://www.zelow.no/floppyfw/

floppyfw is a static router with the firewall capabilities of Linux.
Changes: Kernel 2.4-test10 with iptables 1.1.2 and Busybox 0.48pre. A 1.0.6 version of floppyfw with PPPoE is also available.


SmoothWall 0.9.5LF
http://sourceforge.net/projects/smoothwall

SmoothWall is a cut-down Linux distro based on VA Linux-optimised Red Hat. It takes a redundant PC and turns it into a fully-auditable firewall and router, managed via any Web browser on any platform on an internal network. It features a DHCP server, firewall logging, SSH, FTP, and telnet and it also has a DNS proxy.


FreshMeat

Edge router alpha 1.022
http://freshmeat.net/projects/edgerouter/

A basic stand alone Internet firewall.


Securepoint Firewall Server SB v1.1
Lutz & Oliver Hausmann
http://freshmeat.net/projects/securepointfirewall/

The Securepoint Firewall Server is a high-performance, commercial-grade application designed to offer full protection for network assets. Securepoint is a complete software system with its own operating system, based on a secure Linux. You can use the firewall on a standard PC with two or three network cards, and it is easy to install and administer.


Stunnel Dev. version 3.8p4
http://freshmeat.net/projects/stunnel/

The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package.


Iridium Firewall 1.48
http://freshmeat.net/projects/iridiumfirewall/

Iridium Firewall is a script which uses the ipchains facility in Linux 2.2 to perform network packet filtering in an attempt to protect against network-based computer attacks. It's written so that users that know what they are doing can easily configure the script themselves, but it also offers a beginner many convenience flags to turn common features on and off.


Defcon4 v4.2f
Brad Welch
http://freshmeat.net/projects/defcon4/

defcon4 is a good starting-point firewall script to use with ipchains, and tweaked to the user's needs.


ulogd v0.9
Harald Welte
http://freshmeat.net/projects/ulogd/

The User-space Logging Daemon (ulogd) is a flexible framework for extensive logging of packets on a firewall machine. ulogd uses the ULOG target of iptables/netfilter, the packet filtering framework of Linux 2.4. It supports binary plugins for adding packet interpreters and output-targets (e.g., for logging into databases, user-defined filetypes, etc.).
Changes: Adds support for user-space firewall packet logging to netfilter


SecurityFocus

IP Accounting Daemon 1.0
Andrey Simonenko
http://www.simon.org.ua/ipa

IP Accounting Daemon (ipa) is a configurable IP accounting daemon. It allows one to do IP accounting based on IP Firewall or IP Filter accounting rules. It has a flexible configuration file with many sections and options, including control over which time period to account over.



Tools for UNIX/Linux/BSD & Cross-platform


Paranoia dev. 3
http://paranoia.sourceforge.net

Paranoia allows groups of people to securely chat and exchange information (file sharing). Because Paranoia is used between known, or at least, partially trusted users, it isn't meant to be used in the same way as (for example) Gnutella. Paranoia is more like a real-time Yahoo/Excite/whoever club than it is like Gnutella/scour/whatever. You can't just boot Paranoia, get onto the net and start leeching files. However, what you can do is share files amongst people you know. You can also extend this to people that they know, but you don't.
The general goals are:
- To allow you to chat in relative security
- To allow you to send data over the net to friends with the same security, and provide easy ways of testing and checking their identity.
- To allow you to share data based upon the identity of the connecting client. This will mean you can set up ratio servers for people you don't know, and have no-ratio, or more generous ratios for people that you know and like. You can also ban people on a per identity basis, although they are free to generate another ID and come back again as a "new" user. Banning on IP is a possibility.


Packet Storm

ITS4 v1.1.1
http://www.cigital.com/services/its4

ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.


LIDS 0.9.10-2.2.17
Xie Hua Gang
http://www.lids.org

The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly, and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. Changes: Fixed umount filesystem bug, fixed NFSd and FTPd capability usages, and fixed a sys_sysctl() bug.


srm v1.2.2
Matthew Gauthier
http://srm.sourceforge.net

secure rm (srm) is a command-line-compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop-in security for users who wish to prevent command-line recovery of deleted information, even if the machine is compromised. Changes: Minor bug fixes; -f now really does ignore nonexistent files.


FreshMeat

star 0.1
Brian Wagener and Katrina Illari
http://freshmeat.net/projects/sectar/

Secure Tar (star) creates encrypted tape archives (tar files) using the AES algorithm Rijndael. It can encrypt only a single file, with 256-bit keys and blocks. The encryption is exported under exemption TSU 740.13.


Saint Jude 0.04
Tim Lawless
http://freshmeat.net/projects/stjude/

Saint Jude LKM is a Linux kernel module that implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.


IPTraf v2.3.1
Gerard Paul Java
http://freshmeat.net/projects/iptraf/

IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.
Changes: This version is a maintenance release fixing some bugs in the IP traffic monitor sorting code, including a condition which can cause a segfault. IPTraf 2.3.0 users are encouraged to upgrade.


SecuriTeam

TINC 1.0pre3 (a free VPN for Linux )
Guus Sliepen, Ivo Timmermans
http://tinc.nl.linux.org/

TINC is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet.


SecurityFocus

TWWWscan 0.6+
twenty sad soul
http://search.iland.co.kr/twww

Command-line CGI vulnerability scanner, with an anti-IDS URL-encoding option (-ids).
New in this version (~30/05/2000): supports passive mode scan; includes Windows NT 4 and Windows 2000 patch information; 186 bugs checked; changed scan interface; bugs fixed; added Internet Information.
New in this version (~2000/11/16): over 300 www bugs checked; deleted the Internet Information option (-i); added iissample.exe, nesscan.exe and trans.pl; added some directory scans; fixed Red Hat 7 web server detection.


SDSC/GT Secure FTP v1.02
Gary Cohen and Brian Knight
http://www.glub.com/products/secureftp

Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon. In this release, we support connecting via the Secure Sockets Layer, or SSL. Future releases may support other authentication mechanisms (e.g. Kerberos, OPIE).
This client is supported on Windows and any Unix platform where a Java 2 (or Swing) runtime environment is present. It was written in 100% Pure Java and can act as either an application or an applet. The applet version will only run under Windows at this time, but we are looking into other solutions.
Since crypto is present in this product, US export restrictions are in effect. If you reside in an embargoed country you will not be allowed to use this product.
Secure FTP is a joint production with the San Diego Supercomputer Center.


SILC (Secure Internet Live Conferencing): 20001120 Development Version
Pekka Riikonen
http://silc.pspt.fi

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic.


Geheimnis 1.15b
Chris Wiegand
http://geheimnis.sourceforge.net

Geheimnis is a KDE application that "wraps" around GnuPG/PGP's irksome command-line interface and makes it easier for users to use these programs. It is made in the style of Win31's PGP Shells that were GUI-based wrappers around PGP2's command line interface.


Ebola 0.1.4
Paul L. Daniels
http://www.pldaniels.com/ebola

Ebola is used as a bridge between AV engines (e.g., Sophos) and scanning scripts (e.g., Inflex and AMaViS) to provide much-improved performance by handling file scanning requests on behalf of the scripts while keeping a SINGLE session of the AV engine open, rather than restarting one each time.


Nutcracker 1.9
Ryan T. Rhea
http://www.northernlights.bizland.com/nutcracker.html

Nutcracker is a simple, fast, and effective password cracker for UNIX and Linux systems. Disabled accounts and accounts with no password are detected. Results are shown in a nicely-formatted table. A sample password file and dictionary file are included, although you can use any word list you wish (including the file '/usr/dict/words' included with most Linux distributions). Nutcracker will work with '/etc/passwd' or '/etc/shadow' files.


Note: tools announced on forums like SecurityFocus are not necessarily updates, new, or free; it's just that someone posted an announcement. We try our best to only notify you of new or updated free tools.

About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved. Last Update: 22 November, 2000