Must Have - Networking and Security Tools For *BSD

vivek

What networking and security software do you use to diagnose network problems and solve security problems? Please share your handy tools...

  1. nmap
  2. tcpdump
  3. snort
  4. john the ripper
  5. Scapy
 

SirDice

Strictly speaking not software but

6. Your brain
 

dennylin93

Nessus can scan for vulnerabilities. Nikto is pretty much limited to HTTP though.
 

CodeBlock

SirDice said:
Strictly speaking not software but

6. Your brain

I don't have one of those, and I've been getting along fine, :p.

On a serious note, Wireshark helps quite a bit. For web dev, vim and Firefox's Firebug.
 

anomie

For #1 I would say both nmap and nc(1). nmap is a far more flexible port scanner, but nc is part of the base system, and it offers some unique functionality (i.e. allowing you to set up pretend daemons for testing purposes).

I think we should also add a HIDS to the list. In the past, security/aide has been my weapon of choice. The mtree(8) application is also a nice makeshift HIDS (as outlined by Dru in BSD Hacks).

There are also a couple of other FreeBSD-specific security-oriented tools and concepts that are essential IMO:
 
vivek

@anomie,

Excellent, I always wondered about those two MIBs and never thought of looking at the man page - blackhole(4).
 

tangram

anomie said:
  • some notable sysctl MIBs: esp. blackhole(4), security levels in init(8), and various other MIBs to tweak layer 4 communication

Those blackhole sysctls are intriguing. However, reading the man I have one question: what's the difference between net.inet.tcp.blackhole 1 or 2?
 

tangram

Nevermind. Found the answer to my question. At '1' SYN packets arriving on a closed port will be dropped without a RST packet being sent back. With the value set as '2', all packets arriving on a closed port are dropped without an RST being sent back.
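
Added example, not part of the original thread: a check, run from a second machine against a host you administer, that the net.inet.tcp.blackhole behaviour described above took effect, by making one TCP connect to a port known to be closed and comparing the reply with what the configured value implies. The function names, the timeout, and the 192.0.2.10 address and port 65000 are assumptions made for this example.

```python
import socket

# What a closed TCP port returns for a SYN at each net.inet.tcp.blackhole value.
# 0 is the default (RST sent). A connect() only sends a SYN, so values 1 and 2
# look identical here; they differ only for non-SYN segments.
EXPECTED_SYN_RESPONSE = {0: "rst", 1: "dropped", 2: "dropped"}


def probe_tcp_port(host, port, timeout=2.0):
    """Make one TCP connect attempt and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"         # something is listening: pick another port
        except ConnectionRefusedError:
            return "rst"          # the stack answered the SYN with a RST
        except socket.timeout:
            return "dropped"      # no reply within the timeout
        except OSError:
            return "unreachable"  # routing/ICMP error, says nothing about the port


def check_blackhole(host, closed_port, configured, timeout=2.0):
    """Compare what a known-closed port does with what the sysctl value implies.

    A packet filter (ipfw/PF) that drops the SYN first also yields "dropped",
    so test a port the firewall passes.
    """
    observed = probe_tcp_port(host, closed_port, timeout)
    expected = EXPECTED_SYN_RESPONSE[configured]
    return {"observed": observed, "expected": expected, "ok": observed == expected}


if __name__ == "__main__":
    # Constructed values: 192.0.2.10 stands in for your own FreeBSD host,
    # 65000 for a port with no listener, 2 for the value set with sysctl.
    print(check_blackhole("192.0.2.10", 65000, configured=2))
```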
 

Alt

Networking and Security Tools... Hm....

0. ipfw / PF
 

lme@

net-mgmt/aircrack-ng :)
 