[BBLISA] Question about Network analysis tools

Public echo at beltrani.com
Wed Jan 7 17:13:29 EST 2004


On Wed, 2004-01-07 at 16:39, snagao at citistreetonline.com wrote:
> My manager wants to be able to scan a server to see what ports are open
> and make sure the open ports are those that are allowed according to our
> security policies before we release the server for production use.
> 
> In addition, the tool should not interfere with or shutdown application
> ports
> while scanning.  This has happened once in our environment and it basically
> crippled the application.

Any of the port scanning tools already mentioned will handle this.  As
they've been discussed in other replies I won't reiterate the details of
each tool here.

BTW, if this is just a sanity check before you release and you can
assume the system hasn't been hacked, would a simple "netstat -l" or
"lsof -i" on the box itself meet your needs? :-)

  - Paul


> 
> One of my colleagues is in favor of using SARA.  Since I have never used
> any network tools before, I am looking to my fellow admins for suggestions
> on what works well with Linux which meets my requirements and is not very
> difficult to configure and use.  And is free.    :-)
> 
> 
> Thanks!
> Sharon
> 
> 
> 
> 
> 
> 
>                                                                                                                                        
>                       Public                                                                                                           
>                       <echo at beltrani.co        To:       snagao at citistreetonline.com                                                   
>                       m>                       cc:                                                                                     
>                                                Subject:  Re: [BBLISA] Question about Network analysis tools                            
>                       01/07/2004 04:28                                                                                                 
>                       PM                                                                                                               
>                                                                                                                                        
>                                                                                                                                        
> 
> 
> 
> 
> That brings back memories. As someone else mentioned, SATAN is at least
> 9 years old. I'm not sure it will even compile "out of the box" on the
> latest Linux distributions. As I recall there was a tool called SAINT
> that was designed to supersede SATAN.
> 
> Is this project better defined than "throw something like SATAN on a
> Linux box"? i.e. What problem are you trying to solve?  That may make it
> easier to suggest tools for the job.
> 
> 
> FWIW, you may want to check out the following open source tools:
> 
> 1) NMAP http://www.insecure.org/nmap/index.html
> 
> 2) Nessus http://www.nessus.org/
> 
> 3) Snort NIDS  http://www.snort.org/
> 
>   - Paul
> 
> 
> 
> On Tue, 2004-01-06 at 16:02, snagao at citistreetonline.com wrote:
> > I have been asked to install a network security analysis tool like SATAN
> > on a linux machine.  The linux machine is running RedHat Advance server
> > 3.0.
> >
> > I would like to know how the various tools compare and which one(s) are
> > used in most/many companies.
> >
> > My thanks in advance to all those who reply.
> >
> >
> > - sharon
> >
> >
> > _______________________________________________
> > bblisa mailing list
> > bblisa at bblisa.org
> > http://www.bblisa.org/mailman/listinfo/bblisa
> 
> 
> 
> 
> 
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa




More information about the bblisa mailing list