Chances are you've heard of SATAN, the System Administrator Tool for Analyzing Networks. Designed by Dan Farmer and Wietse Venema, SATAN scans systems for the existence of well known, often exploited vulnerabilities.
Todays scanners, such as nmap and SAINT, have become popular tools for determining what ports are open, and potential vulnerabilities for those services.
Using nmap, you can port scan large numbers of hosts in a brief period of time using a variety of scanning methods. A typical execution of the program might go like this:
dave@mastermind dave$] nmap localhost Starting nmap V. 2.54BETA1 byThis email address is being protected from spambots. You need JavaScript enabled to view it. ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1515 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 80/tcp open http 110/tcp open pop-3 113/tcp open auth 139/tcp open netbios-ssn 143/tcp open imap2 515/tcp open printer Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
Using this information, a cracker can begin to determine what ports are available to compromise the box.
Resources
- nmap
nmap is a utility for port scanning large networks using various scanning techniques. nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Nmap also offers flexible target and port specification, decoy scanning, determination of TCP sequence predictability characteristics, and output to machine parseable or human readable log files.
- SAINT
SAINT is the Security Administrator's Integrated Network Tool. In its simplest mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services. The information gathered includes the presence of various network information services as well as potential security flaws -- usually in the form of incorrectly setup or configured network services, well-known bugs in system or network utilities, or poor or ignorant policy decisions. It can then either report on this data or use a simple rule-based system to investigate any potential security problems.
- SARA
The Security Auditor's Research Assistant (SARA) is a third generation Unix-based security analysis tool that is based on the SATAN model, CVE standards support, enterprise-level search module, standalone or daemon mode, free-use open license, and updated twice a month.
- WebTrends Security Analyzer
WebTrends Security Analyzer helps you discover and fix the latest known security vulnerabilities on your Internet, intranet and extranet. Systems are analyzed on demand or at scheduled intervals, allowing prioritization and comparative reports to be generated with recommended fixes that resolve possible exploitations.
- Nessus
A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way. Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.
- Argus
Argus is a generic IP network transaction auditing tool. Argus runs as an application level daemon, promiscuously reading network datagrams from a specified interface, and generates network traffic status records for the network activity that it encounters.
The ISS Network Security Scanner used to run on Linux, but they have for some reason dropped support for it. I'm sure they would love to know what fellow Linux users are thinking by contacting them. They actually want you to run the NT version through VMWare.
