Missing Open Source Security Tools?
Kinetic writes "There are many great open source security tools out there, Nmap, Nessus, and DSniff, just to name a few. However, with the world of security constantly changing, this begs the question, what open source security tools are missing? What commercial security tools have no viable open source alternatives? When securing/testing/exploring networks (home or enterprise), what security tools/applications/functionality are lacking (or non-existent) in the open source world?"
I've yet to find an open source tool that can show a "matrix" graph of source and destination talkers by MAC/IP/IPX name in realtime as found in Sniffer. Other tools show some of this information, but do not render the same graphical display (chords of a circle) as Sniffer.
With Ethereal there's a way to do this with snapshots using graphviz, but not in realtime...
I do not deploy Linux. Ever.
If you are looking for a proven open standard methodology for performing security tests, then Open Source Security Testing Methodology Manual (OSSTMM) is the way to go.
In addition, there is the linux distro of Trinux, which includes most of the common linux open source security auditing tools.
LainTheWired = isgod( int Lain, int denial, float truth)
knoppix-std
Most every security tool a network admin (or script kiddie) could want in a convenient iso package.
Outside of a dog, a book is man's best friend. Inside a dog it's too dark to read. - Groucho Marx
Duh.
Dude, you should see clamav, a full open source antivirus for Linux, FreeBSD and even Windows, which integrates nicely with virtually every mailer out there.
He is the Path, the Truth and the Life
You can do stuff like tcpdump -i xl0 src 10.0.0.1 and dst 10.0.0.2 and stuff like that.
Does what you're describing.
There are also a lot of integrity checking tools that, while they don't count as "antivirus", at least report changes that could mean something nasty is running, and don't forget things like chkrootkit.
have you tried portsentry?
Um no. Ethereal was running about 1 remote-shell vuln a week for a long time. Snort has had a couple too. I guess you could argue that they're all fixed now, but you certainly can't be sure of that.
and don't forget sentinix
http://sentinix.org
defiance
Just in case you're not trolling (which I give about a 5% chance): you might try following the explanatory link.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Description: grep for network traffic
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
I am unaware of open source software that meets the functionality of PWSEX or LC5.
Try installing snort and use ACID with it.
I have found this shows the information that you are looking for.
The above statement begs the question: "...what open source security tools are missing?"
No, it doesn't.
The truth of that statement does not depend on the fact that some open source tools are missing. Therefore it is not an example of "question begging" (taking for granted exactly what you are trying to prove) at all.
find already does most of what you're looking for:
find . -perm u=xrw,g=xrw,o=xrw -print
finds all mode 777 files under the current directory (the initial ".", substitute a path like /var/www if that's where you want to look). If you run it as root (probably required for what you want to do), you can use -user or -uid to find all of the files owned by a particular user name or UID.
Play with the -perm or +perm flags if need be to refine the result.
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
sudo is probably the weakest link in all your setuid binaries. It has the newest code and he adds silly things to it.
Did sudo really need a customizable password prompt that led to a heap overflow?
ah, now some programmers, they get it.
Isn't that exactly what SELinux folks are trying to do. If they finish their policy based X server I think we might see a significant leap in desktop security. The basic idea is very simple: Applications should have access only to the data that belongs to them and only some "special" apps have access to other. ;)
FC2 with SELinux on was a disaster in desktop mode, though, but as a server it's a really good idea. It's like chrooting all of your services.
That would be driftnet - it displays images in a window, and the site mentions that there is a screensaver derived from it.
I run it every now and again when I'm bored on the proxy server I maintain. Fun to see random images mixed together..
Ahhhh well there is a little thing called Prelude HyIDS. It has been around since 1998 and has been mentioned on here: http://developers.slashdot.org/article.pl?sid=04/04/26/2133207&mode=thread&tid=126&tid=172&tid=185
Might be what you are looking for. . .
Not completely what you're asking for, but you might take a look at fwbuilder ( www.fwbuilder.org ). Not exactly plug and play, but at least it's drag and drop...
F-prot has a free version for Linux, BSD, and Solaris single-user workstations, which works very well and can be easily and regularly updated via cron. You can find it here:
http://www.f-prot.com/download/home_user/
A more appropriate tool might be linux-vserver, which lets you assign each virtual server its own disk quota, process space and IP addresses.
I don't know what I should find most worrying:
- the darpa fantasy land
- or using (what appears like) racism to argue for it?
SSH uses an algorithm called RSA to protect the keys used for encrypting data. Each party has a private key and a public key (a key pair). Anyone can get the public keys.
If data is encrypted with a private key, it can only be decrypted using the public key from the same key pair. Likewise if it is encrypted with the public key, it can only be decrypted with the matching private key.
If A wants to send data to B, it is first encrypted with B's public key, then with A's private key.
B uses A's public key to decrypt it (guaranteeing it is from A) and then uses its own private key to decrypt it back to the original message.
Because it's a slow and complex process, RSA is usually only used to exchange and agree on keys for a normal symmetric encryption method (eg 3DES).
Read more here
Rob :)
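As an added example (not part of Rob's post, and not how any SSH implementation actually does it), a toy textbook-RSA walk-through of the exchange described above: the primes, the public exponent and the "session key" integer standing in for a 3DES key are all constructed values. It also surfaces the ordering constraint the nested scheme imposes, which the post does not mention: A's modulus must be larger than B's so the intermediate value survives the second step.

```python
# Added example: textbook RSA (raw modular exponentiation, no padding) with small
# constructed primes, to make the "B's public key, then A's private key" exchange
# concrete. Real SSH uses padded/signature schemes and Diffie-Hellman, not this.
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) for the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, m):
    """Raise m to the key's exponent mod n. Either half of a pair undoes the other."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


# B's pair first, then A's pair with a LARGER modulus: the value leaving step 1 is
# already reduced mod n_B, so it only fits under A's modulus if n_A > n_B.
B_PUB, B_PRIV = make_keypair(61, 53)    # n_B = 3233 (constructed)
A_PUB, A_PRIV = make_keypair(89, 97)    # n_A = 8633 (constructed)


def a_sends(session_key):
    """A: encrypt for B (only B's private key undoes it), then apply A's private key."""
    c1 = rsa_apply(B_PUB, session_key)
    return rsa_apply(A_PRIV, c1)


def b_receives(blob):
    """B: undo A's private-key step with A's public key, then decrypt with B's private key."""
    c1 = rsa_apply(A_PUB, blob)
    return rsa_apply(B_PRIV, c1)


def round_trip(session_key):
    return b_receives(a_sends(session_key))


if __name__ == "__main__":
    key = 1234                          # constructed stand-in for a symmetric key (< n_B)
    print("sent:", a_sends(key), "recovered:", round_trip(key))
```

Any session key below n_B survives the round trip; a value at or above n_B, or a B modulus larger than A's, makes rsa_apply raise instead of silently returning garbage.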