Linux is one of the secured operating system. However, With the world of crackers (Evil minded Geeks & Hackers) Linux is also not so secure as we think.

Step 1: How to secure SSH port in Linux server?

Gaining SSH root access is the primary goal of every crackers around. Once they could get root access., They will install rookkits, keyloggers, mail bombs and etc. So, They usually try to gain access to your server using some formal password combinations.  They attempt to login to your server using bruteforce method.

SSH always runs on port number 22

You have to change it to some non-default number like., 2323 or 3009  some number that is hard to guess.

/etc/ssh/sshd_config

above file is the default ssh configuration file. You can change its “Port” value by opening it using Vi or Nano.  CentOS Documentation has clear information about how to change linux server ssh port to a non-standard number. This instructions applies for any redhat kernel based distro.

Step 2: Always check your /tmp folder

It is like., Checking your trash can of your bedroom for any hidden cams. Yes., Some crackers upload a *.php  *.py *.sh files to your server’s /tmp file and let them to become a primary spamming bot in your server.  You have to always try to find if there are any suspicious file around there in /tmp and delete them.  Usually deleting the file wont pay off. You have to find the source loop hole that allows such file in /tmp . You have to audit your web applications that allows file-uploads and anonymous FTP uploads to your server.

Step 3: Disable Anonymous FTP Service

Enabling anonymous FTP service is most like., Inviting robbers by opening your house window.

/etc/proftpd.conf

/etc/vsftpdvsftpd.conf

Simply disable anonymous FTP.

Step 3:  Always use SFTP and completely stop using FTP

SFTP is more secure than you think. Most windows based ftp clients such as filezilla, smartftp & coreftp could be affected by many malwares and it will upload “Trojan Horse JavaScript” code to your website files. I personally got affected my many javascript trojans because of virus infected ftp client transfers.  This wiki page has clear & simple information about how to install SFTP

Step 4:  How to disable direct file or image hotlinking?

Lets say you have a cool picture file in your website. http://mywebsite.com/images/picture.jpg  . If  a guy puts your file in his website and lets say his website has thousands of visitors per day., Then, You will be endup paying money for your excessive bandwidth. Disabling hotlink is like., Saving money in your server bandwidth. This is one of the best tool that lets your to generate .htaccess code for hotlink protection.

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today’s Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

Read Full Story

When i was sitting workless just thought of testing my browser with java script and also my system capability to work on stress.I did two test in two browsers

1.Internet Explorer 6.0

2.Firefox 3.1X

Try the same to even to test your browsers.

First one tested runing a saved javascript file and here is the coding.

<script language=”javascript”>
var n=100;
for(i=0;i<100;i++)
window.open(“http://www.hwquest.com”);
</script>

IE:

Internet Explorer started opening 100 windows LOL. I killed the IE image in taskmanager.

Firefox:

Wisely showed a popup blocker asking user permission saying “This site trying to open 100 popups”

Thought how wise are the firefox programmers, extending one step further i tried direct javascript implementation by typing this in address bar

javascript:for(i=0;i<100;i++)window.open(“http://www.hwquest.com”);

The result it opened 100 tabs. So its not bad to report this bug or problem to firefox team.

IE 7 resulted in alert message saying harmful script!

Why to change IPV4

The basic TCP\IP technology has worked well for 2 decodes, even though thinking in a broad sense, the motivation revising the protocol arises from changes in underlying technologies and uses.

In early 90’s only universities and tech industry and Us-Government had internet, it has intented to a vast change as experienced as doubling in size every nine months or faster

This IP make suited to some of real time applications

FEATURES OF IPV6

Large address:-

This new address size is the most noticeablechange.IPV6 quadruples the size of an IPV4 address from 32 bits to 128 bits.The IPV6 address space is so large that it cannot be exhausted.

Extended Address Hierarchy:-

IPV6 uses the larger address space to create additional levels of addressing a hierarchy of ISP’s as well as hierarchical structure.

Flexible Header Format:-

IPV6 uses an entirely new and incompatible datagram format.Unlike the IPV6 fixed format header.IPV6 defines a set of optional headers.

Improved options:-

Like IPV4,IPV6 allows a datagram to include optional control information. IPV6 includes new options that provide additional facilities not available in IPV4.

Provision for protocol extension:-

Perhaps the most significant change in IPV6

Is a move away from a protocol that fully specifies all details to a protocol that fully specifies all details to a protocol that can permit additional features.

The extension capabilities has the potential to allow the IETF(Internet Engineering Task Force).To adopt the protocol changes in underlying network hardware or to new application.

Support for Auto configuration & Renumbering:-

IPV6 provides facilities that allow computers on an isolated network to assign themselves address and begin communicating without depending on a router or manual configuration & permits a manager configuration & permits a manager to renumber network dynamically.

Support for recourses allocation:-

IPV6 has two facilities that permits pre allocation

of network resources, a flow abstraction and a differentiated service specification. The latter will use the same approach as IPV4’s differentiated service.

Controversies of IPV6:-

The response that arguments could be made to increase every field leading to a bloated header. The function of the HOP limit fields to keep packets from wondering long time.

The Super Computer community wanted packets in excess of 64kb.When a super computer gets started transferring ,it really means business & does not want to be interrupted every 64kb.The argument against large packets if a 1mb packet hits a 1,5mbps T1 line.

IPV6 has no checksum as that of IPV4.It generously allows all packets passing through the IP address.

A simple socks proxy scanner php script, that uses to check a list of socks proxy servers’ online status.

Example:
123.234.12.32:3523
98.45.57.78:9823
23.32.44.23:3785
123.32.45.56:3453
34.75.56.234:9856

save above lines as “proxies.txt”.

Code:

$filename = "http://domain.tld/filename.ext"; //or a localpath.
$rel=file_get_contents($filename);
$ipset = explode("\n",$rel); // explode it based on your delimiter.
foreach($ipset as $ips)
{
$ipandport=explode(':',$ips);
//Porxy string format might be 123.156.189.112:8080
$host=$ipandport[0];
$i=(int)$ipandport[1];
$fp = @fsockopen("tcp://".$host,$i,$errno,$errstr,10);
// tcp:// because, socks4 uses TCP and socks5 uses TCP & UDP
if($fp)
{
echo("Result is $fp
“);
echo (“port ” . $i . ” open on ” . $host . “
“);
fclose($fp);
}
flush();
}
?>

You can connect to a remote windows machine and you can use it by creating a “Remote Desktop Connection”You can browse the folders, run applications and perform actions.

1. You should know the remote system’s IP address or Domain name.
2. You should have any one of remote user account details of the system.

Click Start -> All Programs -> Accessories -> Communications -> Remote Desktop to start Remote Desktop connection window.

For more options click on next tabs.

Choose the size of your remote desktop.

Connect with local resources like Disk drives, Printer etc..

Statup program settings

Speed and Appearance settings

By this way you can get connected to a remote computer.

You can allow authorized users to login in to your system. Lets see how you can setup a Rdesktop(RDP or Remote Desktop) connection.You can share your unused resources by allowing remote users for Rdesktop connection. You can share your files with them.Right click on “My Computer” icon

Follow the below steps.
Step-1

Step-2

Step-3


Step-4.
You have to create a user account in Control Panel -> User Accounts to finish this step.

Step-5

Step-6

That’s it we have successfully authorized a user for Remote Desktop Connection.

Internet Protocol Version 6 also known as IPv6 or IPng (Internet Protocol Next Generation) is a low level protocol designed to replace the IPv4 protocol defined in RFC 791 that has been the backbone of the Internet since the mid 1970′s. The basic reason for replacing IPv4 with IPv6 is the imminent exhaustion of the IPv4 32 bit address space. The most significant and best known change is the expansion of the address space from 32 bit to 128 bits but the format of IP packets has also been changed and the associated ICMP formats have also been revised. IPv6 is described in RFC 1883.

IPv6 Addresses

The preferred way of writing an IPv6 address is a group of eight 16-bit pieces represented in hexadecimal, Leading zeroes may be suppressed on the individual pieces giving addresses such as

FEDC:AB19:12FE:0234:98EF:1178:8891:CAFF 1090:0:0:0:A:200:20:CAFF

It is also permissible to concatenate a sequence of zero values as “::”, so the second example above could be written as

1090::A:200:20:CAFF An IPv6 address specifically identifies an interface rather than a host or node as with IPv4. This is not as revolutionary as it might appear since multi-homed hosts are common in IPv4 networks, with each port being in a different sub-net.

ICMPv6

ICMPv6 is related to IPv6 in the same way as ICMPv4 (RFC792) is related to IPv4. The first 10 words of an ICMPv6 header are the same as the first 10 words of an IPv6 header with the next header field set to 58. This is followed by a single word encoding the ICMP type and code in a single byte each followed by a 2 byte checksum. ICMPv6 is described in RFC 1885.

Source: http://www.scit.wlv.ac.uk/~jphb/comms/ipv6.html

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Why we need Tor

Using Tor protects you against a common form of Internet surveillance known as “traffic analysis.” Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you’re travelling abroad and you connect to your employer’s computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that’s an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you’re doing and, possibly, what you’re saying. That’s because it focuses on the header, which discloses source, destination, size, timing, and so on.

Useful Links:
Tor Home Page
Tor Overview
Download Links:
Linux/Unix packages
Mac OS X 10.4 (Tiger)
Windows Installer

Kismet : A powerful wireless sniffer

Kismet is an console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, …

NetStumbler : Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points (“wardriving”). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

Aircrack : The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

Airsnort : 802.11 WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.

KisMAC : A A GUI passive wireless stumbler for Mac OS X
This popular stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

Wireshark : Sniffing the glue that holds the Internet together

Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

Kismet : A powerful wireless sniffer
Kismet is an console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, …

Tcpdump : The classic sniffer for network monitoring and data acquisition
Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn’t receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

Cain and Abel : The top password recovery tool for Windows
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.

Ettercap : In case you still thought switched LANs provide much extra security
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Dsniff : A suite of powerful network auditing and penetration-testing tools
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

NetStumbler : Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points (“wardriving”). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as >Kismet or KisMAC.

Ntop : A network traffic usage monitor
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Ngrep : Convenient packet matching & display
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

EtherApe : EtherApe is a graphical network monitor for Unix modeled after etherman
Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

KisMAC : A A GUI passive wireless stumbler for Mac OS X
This popular stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

Metasploit Framework : Hack the Planet

Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.

Core Impact : An automated, comprehensive penetration testing product
Core Impact isn’t cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. If you can’t afford Impact, take a look at the cheaper Canvas or the excellent and free Metasploit Framework. Your best bet is to use all three.

Canvas : A Comprehensive Exploitation Framework
Canvas is a commercial vulnerability exploitation tool from Dave Aitel’sImmunitySec. It includes more than 150 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas.

Hping2 : A network probing utility like ping on steroids

This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more control over the probes sent. It also has a handy traceroute mode and supports IP fragmentation. This tool is particularly useful when trying to traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols.

Scapy : Interactive packet manipulation tool
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make.

Nemesis : Packet injection simplified
The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.

Yersinia : A multi-protocol low-level attack tool
Yersinia is a low-level protocol attack tool useful for penetration testing. It is capable of many diverse attacks over multiple protocols, such as becoming the root role in the Spanning Tree (Spanning Tree Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in a HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks.

Ntop : A network traffic usage monitor
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user’s terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Ngrep : Convenient packet matching & display
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

EtherApe : EtherApe is a graphical network monitor for Unix modeled after etherman
Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

SolarWinds : A plethora of network discovery/monitoring/attack tools
SolarWinds has created and sells dozens of special-purpose tools targeted at systems administrators. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

Nagios : An open source host, service and network monitoring program
Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (smtp, pop3, http, nntp, ping, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).

Argus : A generic IP network transaction auditing tool
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Netcat : The network Swiss army knife

This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn’t been maintained despite its immense popularity. It can sometimes even be hard to find nc110.tgz.

The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations – often with modern features not found in the original. One of the most interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also Chris Gibson’s Ncat, which offers even more features while remaining portable and compact. Other takes on Netcat include OpenBSD’s nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat.

Socat : A relay for bidirectional data transfer
A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 – raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.

Angry IP Scanner : A fast windows IP scanner and port scanner

Angry IP Scanner can perform basic host discovery and port scans on Windows. Its binary file size is very small compared to other scanners and other pieces of information about the target hosts can be extended with a few plugins.

Superscan : A Windows-only port scanner, pinger, and resolver
SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois.

Unicornscan : Not your mother’s port scanner
Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. it isn’t for the faint of heart.

Scanrand : An unusually fast stateless network service and topology discovery system
Scanrand is a stateless host-discovery and port-scanner similar in design to Unicornscan. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu which was written by Dan Kaminsky.

Netfilter : The current Linux kernel packet filter/firewall

Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny,Zone Alarm, Norton, Kerio, …), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.

Openbsd PF : The OpenBSD Packet Filter
Like Netfilter and IP Filter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters.

IP Filter : Portable UNIX Packet Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. IP Filter is distributed with FreeBSD, NetBSD, and Solaris.

Firewalk : Advanced traceroute

Firewalk employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. This classic tool was rewritten from scratch in October 2002. Note that much or all of this functionality can also be performed by the Hping2 –traceroute option.

Tcptraceroute : A traceroute implementation using TCP packets
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional traceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.

What is Port Scanner ?

A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by hackers to compromise it.
Understand and Write a Port Scanner in PERL

Port scanner script in PERL

#!/usr/bin/perl

use IO::Socket;

$port = 1;

$output = “/home/sakuramboo/perl/OpenPorts.txt”;

open (LIST, ” >>$output”);

while ($port <= 65535){

$sock = new IO::Socket::INET (PeerAddr => ’127.0.0.1′,

PeerPort => $port,

Proto => ‘tcp’);

if ($sock){

close $sock;

print “$port -open\n”;

print LIST “$port -open\n”;

$port = $port + 1;

}

else{

print “$port -closed\n”;;

$port = $port + 1;

}

}

close(LIST);
now, lets take a look at how all of this works, shall we?

#!/usr/bin/perl

start off the perl script with this line.

use IO::Socket;
you are saying that you are going to be using the perl modules named IO::Socket. This allows you to utilize the commands for socket programming.

$port = 1;
you are declaring $port to equal 1.

$output = “/home/sakuramboo/perl/OpenPorts.txt”;
you are declaring that $output will be a file, and it is given then exact location of the file and file name.

open (LIST, ” >>$output”);
this opens the file from $output to allow the script to write to it.

while ($port <= 65535){
while $port (which is 1 at the start) is less than or equal to 65535 (the total number of ports a computer can have) if will do what is in the brackets.

$sock = new IO::Socket::INET
this declares that $sock will be a new socket connection.

(PeerAddr => ’127.0.0.1′,PeerPort => $port, Proto => ‘tcp’);
this is the details of $sock. PeerAddr points to the IP address you want to scan. For this script, i used the localhost. PeerPort points to $port (which starts at 1). this will be increasing as the script is run. Proto points to the protocol that is being used. If you wanted to scan ports with udp, you could. Just replace ‘tcp’ with ‘udp’.

if ($sock){
this is where the script uses the socket and attempts to make a connection with what you have in $sock. It is basically saying, “if $sock makes a connection to the settings in $sock do what is in the brackets.”

close $sock;
this closes the connection.

print “$port -open\n”;
this will print what port just got scanned and tell you that it is open, as well as return a line so everything doesnt get printed right next to each other.

print LIST “$port -open\n”;
this will print the same things that it did in the command prompt, into the file in $output.

$port = $port + 1;
this is where $port gets increased by 1.

else{

print “$port -closed\n”;

$port = $port + 1;

}
here is what happens if the port is closed. Does the same as if it was open exept that it doesnt print it to a file. I did this just so i know where it is in the port scan.

close(LIST);