try nessus!
regards
toralf

-----Original Message-----
From: Philipp Snizek [mailto:mailinglist@bluewin.ch]
Sent: Tuesday, 26 September 2000 11:15
To: suse-security@suse.com
Subject: [suse-security] scanner

Hi all
Does anybody know about a more powerful scanner than nmap? I need it to scan my own firewall.
Thanx a lot
Philipp Snizek
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
ok a serious reply:

Title: Network based security scanners
KBTAG:
URL: http://www.securityportal.com/lskb/10000050/.html
Date created: 17/07/2000
Date modified:
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Network based security scanners
Keywords: Network

Summary:
Scanning networks for problems is a quick way to build up a list of problems that need fixing, and for tracking the "health" of your network. Intrusion scanners are one evolutionary step up from network scanners. These software packages will actually identify vulnerabilities, and in some cases allow you to actively try and exploit them. If your machines are susceptible to these attacks, you need to start fixing things, as any attacker can get these programs and use them.

More information:

Nessus
Nessus is relatively new but is fast shaping up to be one of the best intrusion scanning tools. It has a client/server architecture; the server currently runs on Linux, FreeBSD, NetBSD and Solaris, clients are available for Linux and Windows, and there is a Java client. Communication between the server and client is ciphered for added security; all in all a very slick piece of code. Nessus supports port scanning, and attacking, based on IP addresses or host name(s). It can also search through network DNS information and attack related hosts at your behest. Nessus is relatively slow in attack mode, which is hardly surprising. However it currently has over 200 attacks and a plug-in language so you can write your own. Nessus is available from http://www.nessus.org/.

Saint
Saint is the sequel to Satan, a network security scanner made (in)famous by the media a few years ago (there were great worries that bad people would take over the Internet using it). Saint also uses a client/server architecture, but uses a www interface instead of a client program. Saint produces very easy to read and understand output, with security problems graded by priority (although not always correctly), and also supports add-in scanning modules, making it very flexible. Saint is available from: http://www.wwdsi.com/saint/.

Cheops
While not a scanner per se, it is useful for detecting a host's OS and dealing with a large number of hosts quickly. Cheops is a "network neighborhood" on steroids: it builds a picture of a domain or IP block, what hosts are running and so on. It is extremely useful for preparing an initial scan as you can locate interesting items (HP printers, Ascend routers, etc) quickly. Cheops is available at: http://www.marko.net/cheops/.

Ftpcheck / Relaycheck
Two simple utilities that scan for ftp servers and mail servers that allow relaying, good for keeping tabs on naughty users installing services they shouldn't (or simply misconfiguring them), available from: http://david.weekly.org/code/.

SARA
Security Auditor's Research Assistant (SARA) is a tool similar in function to SATAN and Saint. SARA supports multiple threads for faster scans, stores its data in a database for ease of access and generates nice HTML reports. SARA is free for use and is available from: http://home.arc.com/sara/.

BASS
BASS, the "Bulk Auditing Security Scanner", allows you to scan the internet for a variety of well known exploits. It was basically a proof of concept that the Internet is not secure. You can get it from: http://www.securityfocus.com/data/tools/network/bass-1.0.7.tar.gz

Title: Network host scanning
KBTAG: kben10000058
URL: http://www.securityportal.com/lskb/10000050/kben10000058.html
Date created: 17/07/2000
Date modified: 24/08/2000
Date removed:
Author(s): Kurt Seifried seifried@securityportal.com
Topic: Network host scanning
Keywords: Network

Summary:
There are a number of tools to scan remote systems and identify whether they are connected or not, what OS they are running, and which services.

More information:

Network scanners
Network scanners are run from a host and pound away on other machines, looking for open services. If you can find them, chances are an attacker can too. These are generally very useful for ensuring your firewall works.

Strobe
Strobe is one of the older port scanning tools; quite simply it attempts to connect to various ports on a machine(s) and reports back the result (if any). It is simple to use and very fast, but doesn't have any of the features newer port scanners have. Strobe is available for almost all distributions as part of it, or as a contrib package; the source is available at: ftp://suburbia.net/pub/.

Nmap
Nmap is a newer and much more fully-featured host scanning tool. It features advanced techniques such as TCP-IP fingerprinting, a method by which the returned TCP-IP packets are examined and the host OS is deduced based on various quirks present in all TCP-IP stacks. Nmap also supports a number of scanning methods from normal TCP scans (simply trying to open a connection as normal) to stealth scanning and half-open SYN scans (great for crashing unstable TCP-IP stacks). This is arguably one of the best port scanning programs available, commercial or otherwise. Nmap is available at: http://www.insecure.org/nmap/index.html. There is also an interesting article available at: http://raven.genome.washington.edu/security/nmap.txt on nmap and using some of its more advanced features.

Rnmap
Remote nmap (Rnmap) is a pair of client and server programs which allow for various authorised clients to run their port scans from a centralised server. http://rnmap.sourceforge.net/

Network Superscanner
http://members.tripod.de/linux_progz/

Portscanner
Portscanner is a nice little portscanner (surprise!) that has varying levels of output, making it easy to use in scripts and by humans. It's OpenSource and free to use; you can get it at: http://www.ameth.org/~veilleux/portscan.html.

Queso
Queso isn't a scanner per se but it will tell you with a pretty good degree of accuracy what OS a remote host is running. Using a variety of valid and invalid tcp packets to probe the remote host, it checks the response against a list of known responses for various operating systems, and will tell you which OS the remote end is running. You can get Queso from: http://www.apostols.org/projectz/queso/.

spidermap
spidermap is a set of Perl scripts to help automate scans and make them more selective. You can get it from: http://www.secureaustin.com/spidermap/.
There might be a certain need to clarify the meaning of "scanner" in
general:
We have
1) vulnerability scanners
a) local
Checks for known vulnerabilities in local programs and
misconfiguration such as wrong permissions and ownerships.
Tripwire might count as such a scanner, in a limited way, as well as
the seccheck scripts that come with SuSE.
b) network-based
Those scanners check the network services on a machine for known
vulnerabilities, usually by connecting to them and speaking the
protocol at each case, recognizing the program versions.
2) port scanners
... send specially crafted packets to a single host or a larger
choice of hosts (or even networks) and interpret the response. The
interpretation can include information with respect to the state of the port
(filtered, just no process that binds to the port, blackholed, open
and restricted on layer 5 (application or tcp-wrapper)) as well as
some characteristics of the host architecture and operating system.
Port scanners may be very fast in scanning large parts of networks,
nmap may be one of the fastest.
Roman.
--
| Roman Drahtmüller
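The plain connect-style scan that Kurt's Strobe description and Roman's port-scanner taxonomy both refer to is short enough to show in full. The following is an added example written for this thread, not code from nmap, Strobe or any poster: it probes a list of TCP ports on one host, maps the three things that can happen to a connect attempt onto the states Roman lists (handshake completes: open; immediate reset: closed, no process bound; silence until the timeout: filtered or blackholed), and then compares the result with the set of ports the firewall is supposed to allow, which is the "scan my own firewall" use from the original question. The host, port list, timeout and allowed set are assumptions; the stand-alone demo starts its own listener on 127.0.0.1 so it runs without any network.

```python
"""Connect-probe port scanner with open/closed/filtered classification.

Added example for this thread; not code from nmap, Strobe or any poster.
Only full TCP connects are used (no raw packets), so it needs no privileges.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port by what a connect() attempt returns."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed: something accepts
    except ConnectionRefusedError:
        return "closed"              # RST came back: no process bound here
    except socket.timeout:
        return "filtered"            # no answer at all: dropped or blackholed
    except OSError:
        return "unreachable"         # e.g. no route to host


def scan(host, ports, timeout=1.0, workers=32):
    """Probe many ports in parallel; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def unexpected_open(results, allowed):
    """Ports that answered 'open' but are not in the firewall's allow set."""
    return sorted(p for p, s in results.items() if s == "open" and p not in allowed)


# --- helpers so the demo and the checks run offline on the loopback interface ---

def start_listener(host="127.0.0.1"):
    """Open a listening socket on an ephemeral port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def pick_closed_port(host="127.0.0.1"):
    """Bind an ephemeral port and release it; nothing listens there afterwards."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    # Constructed demo: one listening port, one closed port, on loopback.
    srv, open_port = start_listener()
    closed_port = pick_closed_port()
    results = scan("127.0.0.1", [open_port, closed_port], timeout=2.0)
    for port, state in sorted(results.items()):
        print(f"127.0.0.1:{port:<5} {state}")
    # Assumed policy: the firewall should expose nothing on this host.
    print("open but not allowed:", unexpected_open(results, allowed=set()))
    srv.close()
```

The "filtered" verdict is the one that matters when checking a packet filter from outside: a DROP rule produces a timeout, a REJECT rule produces "closed", and an accepting service produces "open", so the three states tell you which of the three the firewall is actually doing for each port. Scan from a host on the far side of the firewall, not from the firewall itself, or the rules are never traversed.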
hi
nessus has a daemon that binds to a specified port as a server and a client that connects to that port. i mean, is it safe? i always thought that ports should be locked down. are there no exploits against nessus server? btw, nessus has a plugin-thing going and it still uses nmap attack, or am i missing something?
cheers
cheedu

On Tue, 26 Sep 2000, Toralf Kühn wrote:
try nessus!
-----Original Message-----
From: Philipp Snizek [mailto:mailinglist@bluewin.ch]
Sent: Tuesday, 26 September 2000 11:15
To: suse-security@suse.com
Subject: [suse-security] scanner
Hi all
Does anybody know about a more powerful scanner than nmap? I need it to scan my own firewall.
Thanx a lot Philipp Snizek