home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Tools (InfoMagic)
/
Internet Tools.iso
/
security
/
INDEX
< prev
next >
Wrap
Text File
|
1995-04-11
|
9KB
|
259 lines
Origins
=======
Origins of the files in this archive are listed in the file .origins in
this directory.
Programs
========
satan-XX.tar.Z
Network analysis program by Wietse Venema and Dan Farmer.
cops_104.tar.Z
The UNIX security checker by Dan Farmer. Run this on your
systems before someone else does.
tcp_wrappers_XX.shar.Z
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
These programs log the remote host name of incoming telnet,
ftp, ,rsh, rlogin, finger etc. requests. Security options
are: access control per host, domain and/or service; detection
of host name spoofing or host address spoofing; booby traps to
implement an early-warning system. The current version
supports the System V.4 TLI network programming interface
(Solaris, DG/UX) in addition to the traditional BSD sockets.
crack4.1.tar.Z
Password cracker by Alec Muffett. Run this one on your password
files before someone else does. Can be run in parallell on a
bunch of workstations. A fine colection of word lists can be
found on black.ox.ac.uk in /wordlists
securelib.tar.Z
Protect your RPC daemons against unauthorized access.
Shared library for SunOS 4.1 and later with replacement
routines for three kernel calls: accept, recvfrom, recvmsg.
These replacements are compatible with the originals, with the
additional functionality that they check the Internet address
of the machine initiating the connection to make sure that it
is "allowed" to connect. Written by William LeFebvre.
tiger-XX.tar.gz (gzip compressed tar file)
'tiger' is a set of scripts that scan a Un*x system looking for
security problems, in the same fashion as Dan Farmer's COPS. 'tiger'
was originally developed to provide a check of UNIX systems on the A&M
campus that want to be accessed from off campus (clearance through the
packet filter). As such, we needed something that *anyone* could run
if they could figure out how to get it down to their machine.
cracklib.tar.Z
Proactive password security library by Alec Muffett. The idea
is simple: try to prevent users from choosing passwords that
could be guessed by "Crack" by filtering them out, at source.
ipacl.tar.Z
SYSV.4 streams module that implements packet filtering within
the kernel. Fascinating stuff. Written by Gerhard Fuernkranz
(fuer@siemens.co.at).
loginlog.c.Z
A small program that tails the wtmp file and reports all logins
to the syslogd. Written by Mark mark@blackplague.gmu.edu.
chrootuid.shar.Z
Chrootuid makes it easy to run a network service at low
privilege level and with restricted file system access. At
Eindhoven University we use this program to run the gopher and
www (world-wide web) network daemons in a minimal environment:
the daemons have access only to their own directory tree, and
run under a low-privileged userid. The arrangement greatly
reduces the impact of possible loopholes in daemon software.
tcpr-XX.shar.Z
Tcpr is a set of perl scripts that enable you to run ftp and
telnet commands across a firewall. Forwarding takes place at
the application level, so it's easy to control.
netlog-XX.tar.gz (gzip compressed tar file)
An advanced network sniffer system to monitor your networks.
These programs are a part of the network security system used
by Texas A&M University. It can be used for locating
suspicious network traffic. The following programs are
included:
tcplogger - Log all TCP connections on a subnet
udplogger - Log all UDP sessions on a subnet
extract - Process log files created by tcplogger or udplogger
All three programs require an ANSI C compiler. Tcplogger and
udplogger use the SunOS 4.x Network Interface Tap (nit).
portmap.shar.Z (link to current version)
portmap_XX.shar.Z (XX is version nr)
Replacement portmapper with access control. Makes it somewhat
harder to attack your RPC daemons, for example to steal YP
password maps or NFS file handles. Must be linked against an
object library produced with a recent tcp wrapper (log_tcp)
release (see above). Tested with Ultrix [34], SunOS 4.1.x, HP-UX
8.0, AIX 3.1.5 (bsdcc compiler with -D_SUN).
If you run SunOS 4, the securelib library (see above) is better
because it can also cope with direct attacks on your RPC
daemons (i.e. attacks without assistance from portmap).
SunOS4 users should replace their NIS/portmap daemons with fixed
ones from Sun that implement access control (patch 100482-xx).
logdaemon-XX.tar.Z
- Rlogin and rsh daemons that log the remote user name as well
as the remote host name, with tcp_wrapper access control.
These daemons are believed to be drop-in replacements for SunOS
4.x, Ultrix 4.x and SunOS 5.x (Solaris 2.x).
- Login replacement that supports S/Key one-time passwords,
per-user/host/terminal access control, and with a fascist login
failure logging (tested with SunOS 4.x and 5.x).
- Ftpd that supports S/Key one-time passwords, fascist login
failure logging, and logging of anonymous FTP xfers (tested
with SunOS 4.x and 5.x).
- Rexecd daemon that blocks access to the root account (tested
with SunOS 4.x and 5.x) with fascist login failure logging and
tcp_wrapper access control.
surrogate-syslog.tar.Z
For systems that have no syslog library. This version logs
directly to a file (default /usr/spool/mqueue/syslog).
The fakesyslog that comes with nntp seems to be OK, too.
old/nis.patch-01.tar.Z
Replacement ypserv/ypxfr that rejects requests from unauthorized
hosts (SunOS 4.x). Superseded by Sun patch 100482-xx (see above).
old/rexecd.tar.Z
Hacked BSD43 rexecd that disallows access to the root account
and that logs successful and failed attempts. Access control
code is the same as in the log_tcp package (see above).
Has been merged into logdaemon package.
in.daytimed.tar.Z
Many inetds have the daytime service built-in. This is an
external tcp-based daytime daemon that makes it possible to
monitor requests with the log_tcp package. No big deal.
Documents
=========
admin-guide-to-cracking.Z
Slightly updated version of an article that was posted to
Usenet on December 2, 1993, titled: "Improving the security of
your site by breaking into it.". The paper explains to the
administrator what crackers have known for a long time.
NIS_Paper.ps.Z (postscript)
How easy it is to spoof NIS clients (Hess, Safford, Pooch).
ACM Computer Communications Review 22 (5), 1992.
orange-book.Z (ASCII)
orange-book.OLD.Z (ASCII)
The DOD orange book, defines various levels of security (ASCII).
rainbow-series (ASCII)
Pointers on how to get the whole DOD "rainbow series" on computer
security.
rfc1244.Z
Site security policy handbook, guidelines for dealing with
security issues (ASCII).
security-doc.tar.Z (source)
security-doc.txt.Z (formatted)
The SRI paper on security of UNIX systems by Dave Curry.
worm.report.ps.Z
Gene Spafford's report on the internet worm.
UNIX-password-security.ps.Z (postscript)
UNIX-password-security.txt.Z (plain text)
Introduction to UNIX password security by Walter Belgers.
firewall.Z
Usenet postings about setting up a secure internet gateway.
For more recent material:
The firewalls@greatcircle.com mailing list. Send mail
to majordomo@greatcircle.com. The list is archived at:
ftp.greatcircle.com:/pub/firewall/digests/*
tamu-security-overview.ps.gz
How people at Texas A&M handled a severe case of intrusion.
Secure_Internet_Gateway.ps.Z
Description of the AT&T secure internet gateway (Bill Cheswick)
ipext.ps.Z
Description of security problems in the TCP/IP protocol suite
(Steve Bellovin). ACM Computer Communications Review 19 (2), 1989.
A rebuttal appeared in ACM CCR 19 (3), 1989.
sessext.ps.Z
Improving tty security with a "session tty manager" (Steve Bellovin)
old/security-primer.ps.Z
Coping with the Threat of Computer Security Incidents: A Primer
from Prevention through Recovery (Russell L. Brand).
tcp_wrapper.ps.Z (postscript)
tcp_wrapper.txt.Z (ascii)
Describes the development of the tcp wrapper tool (aka the
log_tcp package) to trace a malicious Dutch computer cracker
(see also: research.att.com:/dist/internet_security/berferd.ps).
Reprints of a paper for the 3rd UNIX Security Symposium
(Baltimore, September 1992).
tcp_wrapper.dutch.ps.Z (postscript)
tcp_wrapper.dutch.txt.Z (ascii)
Contents (in Dutch!) of a presentation given at the 23 april
1992 security meeting of the NLUUG (Dutch UNIX users group) and
SURF (network provider for the Dutch universities).