Free Software Foundation!

AIM Sniff AIM Sniff is a utility for monitoring and archiving AIM and MSN messages across a network. It can be used to monitor for cases of harassment or warez trading. It has the ability to do a live dump (actively sniff the network) or read a PCAP file and parse the file for IM messages. You also have the option of dumping the information to a MySQL database or STDOUT. AIM Sniff will also monitor for an IM login and then perform an SMB lookup on the originating computer in order to match NT Domain names with IM login names (handles).

And-httpd And-httpd is an HTTP server that maps URLs to files. In other words, in can take an incoming URL and map it to a file in a number of ways (for example, according to content type or language). It can also do authentication or IP based ACLs. It cannot do CGI or other kinds of code execution. It cannot even dynamically create directory listings (although it comes with external tools to do so automatically, and to create a "status page"). It currently has a $2000 "security guarantee" against remote attacks.

Apf 'apf' (active port forwarder) uses SSL for secure packet tunneling. It is meant for users without an external IP who want to make some services available on the Internet. afserver is placed on the machine with a publicly accessible address. afclient is then placed on the machine behind a firewall or masquerade, which makes the second machine visible to the Internet. You do not need root privileges to run afserver, nor does it use other processes. It uses 'zlib' to compress the transferred data.

ArgusEye ArgusEye is a GUI for some of the features of Argus. Argus is a powerful suite of tools for transaction-based network auditing. ArgusEye aims at supporting daily work with Argus by providing a graphical user interface.

Arpalert 'arpalert' listens on a network interface, catches all conversations of MAC address to IP request, and compares the MAc addresses it detected with a pre-configured list of authorized addresses. If the address is not on this list, arpalert launches an alert script with the MAC address and IP address as parameters. 'arpalert' can run in daemon mode and is very fast (low CPU and memory consumption). It responds at signal SIGHUP (configuration reload) and at signals SIGTERM, SIGINT, SIGQUIT and SIGABRT (Kwhere it stops itself).

AutoFW If you are a broadband or dial-up user who doesn't have a firewall script, you need to get one to protect yourself. AutoFW is intended to help you do that with no hassles. Many people when connecting to the internet need a firewall script made for them so they can surf the net without being susceptible to various attacks. Most, if not all (until now :-), of the existing scripts are written for a large range of requirements and require some tweaking to make them work for a specific user. However many users do not know which parameters to fill in the script config file. AutoFW intends to provide a simple firewall script that you just need to fire and forget. You make sure to run it on computer start-up or just before connecting to the net, and it will detect network condition and setup appropriate firewall rules for you. In order to be "smart" AutoFW has to be limited, the current scope of AutoFW are standard broadband connections, it will also cover dial-up users and stand-alone servers.

Bup 'bup' is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets.

ChangePassword ChangePassword modifies the passwords of passwd, Samba, and Squid through the Web. All passwords are syncronized and changed in real time over a browser like Mozilla, Netscape, IE, Opera, and others.

Clipperz Clipperz is a web based password manager. Local encryption within the browser guarantees that no one except you can read your data. With Clipperz you can quickly login to websites, as well as organize and store logins and any confidential data.

Cowloop The cowloop-driver is a copy-on-write loop driver (block device) which can be used on top of any other block driver. It shields the lower driver from any write access and diverts all write-accesses to an arbitrary regular file, called the cowfile. When a modified block is read again later on, the cowloop-driver gets the block from the cowfile, while non-modified blocks are obtained from the original read-only device. This lets block-devices be used in a read-write fashion without modifying the underlying block-device itself.

Cryptmount cryptmount assists system administrators in setting up encrypted filesystems based on the device mapper (dm-crypt) of GNU/Linux systems using a 2.6-series kernel. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel and libgcrypt library) can be used to protect both the filing system and the access key. The protected filing systems can reside in either ordinary files or disk partitions.

Cutter 'Cutter' lets network administrators close TCP/IP connections running over an iptables firewall. It closes the connection in such a way as to lead both ends (client and server) to believe that it was aborted by the other.

Dans Guardian DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block. DansGuardian is a true web content filter.

DsaCheck dsacheck is a python program that will check all the packages on a Debian system. Dsacheck will download dynamically the DSA (Debian Security Alert) news from the security webpage and build a list that will be compared to the locally installed packages. You can use it easily in a CRON job.

DsaLib dsalib is a module for Python that retrieves all the details for each Debian alert published on Debian's security website (http://security.debian.org), parses it, and put it in an exploitable/queryable way.

Finger 2 A modern computing facility consists of one user per host, and many hosts per site. To find out about logged on users at another site you must query each host to find out about an individual user. With GNU Finger, a single host is designated the finger "server" host and collects information about who is logged on to other hosts at that site. A user then needs to query only the server host, instead of each host at that site. GNU Finger follows the finger "protocol" (rules for communication) in responding to simple requests, since this protocol is siple. But it can also implement another protocol that lets two finger programs exchange information in a predetermined way; this allows faster and wider bandwidth communication.

Fingerd This is a much updated version of Mike Shanzer's fingerd-1.3. It is almost completely rewritten, well-debugged (i.e., more secure), and quite configurable. It supports ACLs, a message-of-the-day file, the ability to run programs for given user-IDs, and a full set of command-line options that make it mostly compatible with modern BSD versions. It is portable, uses GNU Autoconf and GNU Automake for builds, and it comes with a ready-to-use BSD makefile too.

Firestorm Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it just a sensor but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.

Firewall Builder 2 Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It lets users maintain a database of objects and allows policy editing using drag-and-drop. This provides a consistent abstract model and the same GUI for different firewall platforms. Firewall Builder provides XML DTD and C++ API library that support abstraction of network objects and generalized firewall policies. Firewall Builder currently supports iptables, ipfilter, ipfw, and OpenBSD pf.

Free S WAN GNU/Linux FreeS/WAN is an implementation of IPSEC (Internet Protocal SECurity) and IKE for GNU/Linux systems. It uses strong cryptography to provide both authentication and encryption; authentication ensures that packets are from the right sender and have not been altered in transit, and encryption prevents unauthorised reading of packet contents. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is Virtual Private Network or VPN. This network is effectively private even though it includes machines at several different sites connected by the insecure Internet. Several companies are co-operating in the Secure Wide Area Network (S/WAN) project to ensure that products will interoperate. There is also a VPN Consortium fostering cooperation among companies in this varea. The primary objective is to help make IPSEC widespread by providing source code which is freely available, runs on a range of machines including ubiquitous cheap PCs, and is not subject to US or other nations' export restrictions.