Showing posts with label Monitoring. Show all posts

Wireshark 1.8.3 Released

Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.

Highlights of Wireshark 1.8.3:
• A lot of protocols were updated:
• A bug that could cause the HSRP dissector to go into an infinite loop has been fixed;
• A bug that caused the PPP dissector to abort has been repaired;
• Martin Wilck discovered an infinite loop in the DRDA dissector. It was fixed;
• HDCP2 now uses the correct protocol id;
• Markers are now shown when maps are displayed;
• Truncated/partial JPEG files are now dissected;
• Support for MPLS Packet Loss and Delay Measurement has been implemented;
• A bug that caused Wireshark to crash when VoIP Calls were selected was fixed;



Snort 2.9.4 Beta Released

Snort 2.9.4 Beta is now available on snort.org. Snort is a powerful network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks.

Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

Snort 2.9.4 Beta release:
  • Consolidation of IPv6 — now only a single build supports both IPv4 & IPv6, and removal of the IPv4 “only” code paths.
  • File API and infrastructure improvements to file processing for HTTP downloads and email attachments via SMTP, POP, and IMAP to facilitate broader file support
  • Use of address space ID for tracking Frag & Stream connections when it is available with the DAQ
  • Logging of packet data that triggers PPM for post-analysis via Snort event
  • Decoding of IPv6 with PPPoE



PacketFence 3.5.1 - Network access control (NAC) solution

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. It boasts an impressive feature set, including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus vulnerability scanner. PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.

Enhancements
  • Configuration item to notify of guest sponsorships by email: guests_self_registration.sponsorship_cc
  • Developers guide was migrated from Docbook into the asciidoc format
  • Important database performance improvement in VoIP and fingerprint checks
  • Improved pfdhcplistener process surveillance (#1490)

Bug Fixes
  • FreeRADIUS watchdog updated for 3.5.0 changes (#1514)
  • Debian package improvements regarding FreeRADIUS configuration
  • cosmetic fix in `pfcmd service status` regarding pfdhcplistener (#1515)
  • Guests are not able to confirm registration in some cases – take 2 (#1302)
  • Sponsored guests regressions (#1505)
  • Keep the PID on node_deregister (#1501)
  • Handle the release_date on violation modify (#1474)
  • Billing screen does not appear when billing feature is enabled (#1525)
  • Web extension point regression (#1507)
  • Command parsing issue with `pfcmd person` (#1523)
  • pfdhcplistener process name identifies listened to interface (#1478)
  • Guest management login and authentication regressions (#1518)
  • FreeRADIUS documentation aligned with current practices
  • More characters are allowed in password types on CLI and WebAdmin (#848)
  • Illegal characters in webservices user / pass not properly escaped (#1516)



Suricata 1.4beta1 - Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.

Suricata is a rule-based ID/PS engine that utilises externally developed rule sets to monitor network traffic and provide alerts to the system administrator when suspicious events occur. Designed to be compatible with existing network security components, Suricata features unified output functionality and pluggable library options to accept calls from other applications.


New features:

  • Custom HTTP logging contributed by Ignacio Sanchez (#530)
  • TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
  • TLS certificate store to disk feature by Jean-Paul Roliers (#444)
  • Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
  • AF_PACKET IPS support (#516)
  • Rules can be set to inspect only IPv4 or IPv6 (#494)
  • filesize keyword for matching on sizes of files in HTTP (#489)
  • Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
  • NFQ fail open support (#507)
  • Highly experimental lua scripting support for detection



Etherwall - prevents Man in The Middle (MITM) Attacks

Etherwall is a free and open source network security tool that prevents Man in The Middle (MITM) attacks carried out through ARP spoofing/poisoning. It also protects against various other attacks such as sniffing, hijacking, Netcut, DHCP spoofing, DNS spoofing, web spoofing, and others.

Features
  • Daemon Processing
  • ARP Packet Filtering
  • Point to Point & Point to Multipoint Protection
  • Realtime Protection
  • System Logging
  • Early Warning
  • Support for static networks, dynamic networks, or both
  • Support for Ethernet wired & wireless interfaces (IEEE 802.3 & IEEE 802.11)
  • Plugins / Tools
  • Included Man Pages
  • Easy to Use and Free



Sagan 0.2.2 - Multi-threaded event-log monitoring

Sagan is multi-threaded, real-time system and event-log monitoring software, but with a twist. It uses a “Snort” like rule set for detecting nefarious events happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, it can do a number of things with that information.

For example, Sagan can store the information to a Snort MySQL database for viewing with utilities like Snorby, it can send e-mail(s) about the event to the appropriate personnel, it can store to a Prelude back end, it can also spawn external utilities, as well as numerous other things.

Sagan can also correlate the events with your Intrusion Detection/Intrusion Prevention (IDS/IPS) system and basically acts like an SIEM (Security Information & Log Management) system.

Sagan change log:
  • This release is largely a bug fix for the Sagan “after:” directive. Older versions of Sagan (0.2.1–) incorrectly handled the “after:” flag/directive. New versions of the Sagan rules make heavy use of “after:”. In one week we’ll be pushing out a major rule set update. This new rule update will potentially break 0.2.1– clients. Please upgrade ASAP.
  • Added content negation at the request of DigAngel.
  • Several other minor bug fixes.

Sagan has the capability to manage events from the following assets:
  • Routers (Cisco, etc.)
  • Managed network switches
  • Firewalls (Sonicwall, Fortigate, etc.)
  • IDS/IPS systems (Cisco, Fortigate, etc.)
  • Linux and Unix systems (services, kernel messages, etc.)
  • Windows based networks (Event logs, etc.)
  • Wireless access points (Cisco, D-Link, etc.)
  • Host based IDS systems (HIDS) (AIDE, OSSEC, etc.)
  • Detection of rogue devices on networks (via Arpalert, etc.)
  • Much, much more…

Sagan gives us a broad range of devices, services, applications that we can monitor.

For example, if your organization is a "Cisco shop" and you don't want to deploy Snort based IDS/IPS sensors, it really doesn't matter to our staff. We can monitor the Cisco devices just as we would a Snort based IDS/IPS solution.

