Posts Tagged ‘network security’

The T50 v5.3 includes:

  1. New License: It is, finally, licensed under GPL Version 2.0. Please, refer to LICENSE document for further information.
  2. CIDR Support: Classless Inter-Domain Routing support for destination IP address, using a really tiny Calgorithm. This would allow the T50 v5.3 to simulate DDoS in a laboratory environment.

      001 netmask = ~(all_bits_on>>cidr);
      002 hostid = (int)(pow(2,(32-cidr))-2);
      003 __1st_host = (ntohl(addr)&netmask)+1;
      004 __lst_host = (ntohl(addr)&netmask)+hostid;

  3. ELEVEN NEW Protocols: ELEVEN (11) more protocols supported by T50 v5.3 (IGMPv3, EGP, DCCP, RSVP, RIPv1, RIPv2, GRE, ESP, AH, EIGRP and OSPF).
  4. Exotic Protocols: Advanced options and protocol crafting for RSVP, EIGRP, OSPF and GRE were added, allowing users to make any combination while using those exotic protocols. By the way, EIGRP is a proprietary protocol developed by CISCO Systems, Inc.
  5. TCP Options Support: TCP Options (MSS, NOP, EOL, WSCALE, TSTAMP, T/TCP CC, SACK, MD5 and TCP-AO) are supported to improve the TCP protocol.

download t50

[videolog 614528]


Softwink announces the release of Sagan, the ultimate in Syslog monitoring. Sagan can alert you when events are occurring in your syslogs that need your attention right away, in real time!

Sagan is a multi-threaded, real time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort” like rule set for detecting “bad things” happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan is meant to be used in a ‘centralized’ logging environment, but will work fine as part of a standalone Host IDS system for workstations.

Sagan is fast: Sagan is written in C and is a multi-threaded application. Sagan is threaded to prevent blocking Input/Output (I/O). For example, data processing doesn’t stop when an SQL query is needed. It is also meant to be as efficient as possible in terms of memory and CPU usage.

Sagan uses a “Snort” like rule set: If you’re a user of “Snort” and understand Snort rule sets, then you already understand Sagan rule sets. Essentially, Sagan is compatible with Snort rule management utilities, like “oinkmaster” for example.

Sagan can log to Snort databases: Sagan will operate as a separate “sensor” ID to a Snort database. This means that your IDS/IPS events from Snort will remain separate from your Sagan (syslog/event log) events. Since Sagan can utilize Snort databases, using Snort front-ends like BASE and Snorby will not only work with your IDS/IPS event, but also with your syslog events as well!

Sagan output formats: You don’t have to be a Snort user to use Sagan. Sagan supports multiple output formats, such as a standard output file log format (similar to Snort), e-mailing of alerts (via libesmtp), Logzilla support and externally based programs that you can develop using the language you prefer (Perl/Python/C/etc).

Sagan is actively developed: Softwink, Inc. actively develops and maintains the Sagan source code and rule sets. Softwink, Inc. uses Sagan to monitor security related log events on a 24/7 basis.

Other Features:

  • Sagan is meant to be easy to install. The traditional, “./configure && make && make install” works for many installations depending on the functionality needed and configuration.
  • Thresholding of alerts. Uses the same format as Snort in the Sagan rule set.
  • Attempts to pull TCP/IP addresses, port information, and protocol of rule set that was triggered. This leads to better correlation.
  • Can be used to monitor just about any type of device or system (Routers, firewalls, managed switches, IDS/IPS systems, Unix/Linux systems, Windows event logs, wireless access points & much more).
  • Works ‘out of the box’ with Snort front ends like BASE, Snorby, proprietary consoles, various Snort based reporting systems.
  • Sagan is ‘open source’ and released under the GNU/GPL version 2 license.

more info & download

A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.

The Tools

* parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
* alive6: an effective alive scanng, which will detect all systems listening to this address
* dnsdict6: parallized dns ipv6 dictionary bruteforcer
* fake_router6: announce yourself as a router on the network, with the highest priority
* redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
* toobig6: mtu decreaser with the same intelligence as redir6
* detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
* dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
* trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
* flood_router6: flood a target with random router advertisements
* flood_advertise6: flood a target with random neighbor advertisements
* fuzz_ip6: fuzzer for ipv6
* implementation6: performs various implementation checks on ipv6
* implementation6d: listen daemon for implementation6 to check behind a FW
* fake_mld6: announce yourself in a multicast group of your choice on the net
* fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
* fake_advertiser6: announce yourself on the network
* smurf6: local smurfer
* rsmurf6: remote smurfer, known to work only against linux at the moment
* sendpees6: a tool by, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff 😉 to keep the CPU busy. nice.


This code currently only runs on:

* Linux 2.6.x (because of /proc usage)
* 32 Bit
* Ethernet and Raw are supported (is there anything else necessary?)

more info & download

Network Security Superheroes Battle Threats in “The Realm”


On the Digital Earth, a new breed of criminal has emerged for battle with network security, to ensure these viscous attackers don’t stand a chance, a select team of Cisco engineers were appointed to develop the ultimate digital crime fighting organization… Do you dare to enter “The Realm”?


“The Realm” is a completely virtual campaign that projects superhero qualities to not only the heroes in flashy costumes (or products) but also the engineers, the backbone of network security products, who convey a mastermind-like quality when designing the ammunition needed to battle such network threats as: Botnets, Malware, Spam and Intruders.

The campaign aims motivate and inspire a new generation of network professionals, as well as seasoned engineers, in a language and visual expression that is entertaining and they can relate to. Positivity and encouragement are crucial in this economy and “The Realm” reminds us that IT professionals can be the heroes of the future.

The Realm, Episode 1

The webisode series is tied to an ongoing Human Network campaign, which Cisco has been laying the ground work for years, to communicate that the network is what makes our digital lives and visual networking possible. The notion that Cisco is purely an enterprise company is hardly the case these days and while “The Realm” focuses on network security at the enterprise level, it is also an example of what Cisco is doing to defer this perception.

Long past are the days of metal marketing. Do you remember seeing a metal box on a poster paired with a short slogan? Metal marketing please meet “The Realm.” The first two webisodes are live at realm. A third episode will be released later this month and the finale will be released leading up to the RSA security conference in late April.

The mission of “The Realm” superheroes is to assure the safety and security of every citizen on the human network. Here are your heroes and the superpowers the own to protect you:

Defender Trace
1. Splits into multiple forms to monitor sectors simultaneously
2. Superhuman data analyzation
3. Protects the Realm perimeter and all traffic ways

Defender Wall
1. Energy wave force field
2. Super strength to enforce network access
3. Extrasensory authentication abilities

Defender Vixa
1. Manipulates sound waves to create physical forces
2. Subliminal encryption powers
3. Light-speed response to detected threats

Defender Jux
1. SensorBase Control
2. Headquarters shield protection
3. Genious analyzation of threat conspiracies

The Realm, Episode 2

The Realm, Episode 3

The Realm, Episode 4

Is there an area of technology you feel deserves superhero attention?

You can interact more with “The Realm” heroes on Facebook, where they each host their own page: Defender Trace, Defender Wall, Defender Vixa, Defender Jux

Click here to learn more about how Cisco provides visual networking for consumers and we invite you to join our conversation on Twitter and Facebook.