Thanks to Ken for the link.

[ PipeBytes ]

• Arpwatch, used for mac anomaly detection.
• P0f, used for passive OS detection and os change analisys.
• Pads, used for service anomaly detection.
• Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
• Snort, the IDS, also used for cross correlation with nessus.
• Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
• Tcptrack, used for session data information which can grant useful information for attack correlation.
• Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
• Nagios. Being fed from the host asset database it monitors host and service availability information.
• Osiris, a great HIDS.

(thanks to Average Admins for the find)

Since my main server for this site synchronizes via NTP it’s quite accurate, so I decided to employ a bit of Ajax to create a dynamically updating time display that uses my server as the source. I started with Justin’s nifty template, simplified it a bit, made it start upon page load instead of through a button, and used some CSS to format it — pretty simple stuff really.

The result is precisely what I was looking for:

1. A very accurate time display coming from my own site
2. Doesn’t require Java (yuk)
3. Allows you to watch the seconds tick by in real time (great for setting watches)

I love building things — no matter how simple.

dmiessler.com/time

Tool: Hostfind

[Edit: I just found this tool, and it makes mine look like a 4-year-old wrote mine. After a severe head trauma. It's written in a more powerful language, has a better approach, and yields better results. Naturally I'm going to see how he wrote his and learn from it.]

These sorts of lists are helpful for me when trying to incorporate new functionality into how I currently use a tool. So, here’s the short overview:

• A rewritten scan engine makes it far faster and more memory efficient.
• Can now send raw ethernet frames — which allows it to attain full functionality on Windows XP SP2 systems that don’t have raw socket support.
• New ARP scanning and MAC spoofing capabilities.
• Far better documentation.
• Version detection vastly improved (including a threefold increase in the size of the signature database).
• You can now do runtime modification of scans, i.e. you can press enter during a scan to get an estimated time to finish, or press "v" to switch to verbose mode. Very cool.
• Major improvements in scanning multiple hosts and multiple ports on each host simultaneously.
• Parallel DNS queries.
• The addition of “port scan pings” that allow for improved performance vs. firewalled systems.

Overall, this release just looks incredible. I’m highly enthused about it (have already compiled it on my Mac), and look forward to using these new features. Oh, and for a complete list of changes, be sure to check out the changelog.:

daniel@kairin daniel $ nmap tiberius Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-02-07 02:23 EST Interesting ports on tiberius (10.100.5.200): (The 1666 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 1025/tcp open NFS-or-IIS 1027/tcp open IIS 3389/tcp open ms-term-serv

Nmap finished: 1 IP address (1 host up) scanned in 1.900 seconds daniel@kairin daniel $

…and that’s running from OS X (compiled natively) — no remote shell to a Linux box or nuttin’. Sure, we’ve been able to do this for a long time now, but for some reason I’ve been silly and haven’t.

From now on I’m going to be compliling all my security apps natively instead of using package managers for OS X; they just aren’t mature enough to me, and the packages all seem dated.

Yeah, this rocks.

Not something I’ll be using, personally, but a very cool concept indeed.

Tool: Eager

It’s called Scat (Security Consultant’s Assessment Tool), and it’s available for download if anyone’s interested.

Tool: Scat

(Commence with the “crappy” tool jokes)