| Airsnarf 
Airsnarf is a simple rogue wireless access point setup utility designed
to demonstrate how a rogue AP can steal usernames and passwords from
public wireless hotspots. Airsnarf was developed and released to
demonstrate an inherent vulnerability of public 802.11b
hotspots--snarfing usernames and passwords by confusing users with DNS
and HTTP redirects from a competing AP.
|
|
|
| AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.
AirSnort operates by passively monitoring transmissions, computing the
encryption key when enough packets have been gathered.
802.11b, using the Wired Equivalent Protocol (WEP), is crippled with
numerous security flaws. Most damning of these is the weakness
described
in "
Weaknesses in the Key Scheduling Algorithm of RC4 " by Scott
Fluhrer,
Itsik Mantin and Adi Shamir. Adam
Stubblefield was the first to implement this attack, but he has not
made his software public. AirSnort, along with WEPCrack,
which was released about the same time as AirSnort, are the first
publicly
available implementaions of this attack.
AirSnort requires approximately 5-10 million encrypted packets to be
gathered. Once enough packets have been gathered, AirSnort can guess
the encryption password in under a second.
|
|
|
| Apache Directory
The primary vision is to build an enterprise directory server platform
where other Internet services snap in to store their data within the
directory so they may be managed using LDAP. Its architecture is
designed so services other than LDAP such DNS, DHCP, SLP, Kerberos, and
UDDI can be implemented and snapped in. These services will use a
common networking layer (MINA) and each can be toggled on and off
according to the needs of the environment.
|
|
|
| DansGuardian
DansGuardian is an award winning web content filtering proxy for Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris that uses Squid to do all the fetching.
It filters using multiple methods. These methods include URL and domain filtering, content phrase filtering, PICS filtering, MIME filtering, file extension filtering, POST limiting.
The content phrase filtering will check for pages that contain
profanities and phrases often associated with pornography and other
undesirable content. The POST filtering allows you to block or limit
web upload. The URL and domain filtering is able to handle huge lists
and is significantly faster than squidGuard.
The filtering has configurable domain, user and source ip exception lists. SSL Tunneling is supported.
The configurable logging produces a log in an easy to read format
which has the option to only log the text-based pages, thus
significantly reducing redundant information such as every image on a
page.
Pretty much all parts of DansGuardian are configurable thus giving
the end administrator user total control over what is filtered and not
some third-party company.
|
|
|
| eBox Platform
eBox management tool will effectively and easily help you managing the advanced
services for your corporate network. Designed with extensibility in mind it offers, among others, these modules: Firewall, Transparent proxy, Content filter, NTP Server, Users and groups, Mail server... more modules!
|
|
|
| Ethereal
Ethereal is used by network professionals
around the world for troubleshooting, analysis, software and
protocol development, and education. It has all of the standard
features
you would expect in a protocol analyzer, and several features not
seen in any other product. Its open source
license allows talented
experts in the
networking community to add enhancements. It runs on all popular
computing platforms, including Unix, Linux, and Windows.
|
|
|
| Firestarter
Firestarter is an Open Source visual
firewall program. The software aims to combine ease of use with powerful features, therefore
serving both Linux desktop users and system administrators.
|
|
|
| Firewall Builder
Firewall Builder is multi-platform firewall configuration and
management tool. It consists of a GUI and set of policy compilers for
various firewall platforms. Firewall Builder uses object-oriented approach,
it helps administrator maintain a database of network objects and allows
policy editing using simple drag-and-drop operations. Firewall Builder
currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX. Technical
summary of features supported by the policy compilers for all platforms
can be found in the section "Modules"
|
|
|
| Funambol
Funambol is open source mobile application server software that
provides push email, address book and calendar (PIM) data
synchronization, application provisioning, and device management for
wireless devices and PCs, leveraging standard protocols. For users,
this means BlackBerry-like capabilities on commodity handsets.
Funambol
is also a software development platform for mobile applications. It
provides client and server side Java APIs, and facilitates the
development, deployment and management of any mobile project. Funambol
is the de facto standard implementation of the Open Mobile Alliance
Data Synchronization and Device Management protocols (OMA DS and DM,
formerly known as SyncML).
|
|
|
| GroundWork
GroundWork Open Source is the undisputed leader
in open source systems and network monitoring and management software,
providing the widest coverage at the lowest possible cost. We bring all
the advantages of open source software to business-critical network and
systems management and combine those with superior functionality,
documentation, and professional support to give you unprecedented
visibility of your entire IT infrastructure.
|
|
|
| Guardian Active Response for Snort
Guardian is a security program which works in conjunction with Snort to automaticly update firewall rules based on alerts generated by Snort.
The updated firewall rules block all incoming data from the IP address
of the attacking machine (the machine which caused Snort to generate an
alert.
There is also logic in place which pervents blocking important
machines, such as DNS servers, gateways, and whatever else you want.
|
|
|
| IP Filter
IPFilter is a software package that can be used to provide network address
translation (NAT) or firewall services. To use, it can either be used as a
loadable kernel module or incorporated into your UNIX kernel; use as a
loadable kernel module where possible is highly recommended. Scripts are
provided to install and patch system files, as required.
|
|
|
| IPCop
IPCop Firewall is a Linux firewall distribution
geared towards home and SOHO (Small Office/Home Office) users. The
IPCop interface is very user-friendly and task-based. IPCop offers the
critical functionality of an expensive network appliance using stock,
or even obsolete, hardware and OpenSource Software.
|
|
|
| Iperf
While tools to measure network performance, such as ttcp, exist, most are
very old and have confusing options. Iperf was developed as a modern alternative
for measuring TCP and UDP bandwidth performance.
Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of
various parameters and UDP characteristics. Iperf reports bandwidth, delay
jitter, datagram loss.
|
|
|
| Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card which
supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and
802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden
networks, and infering the presence of nonbeaconing networks via data
traffic.
|
|
|
|
|
|
| LBNL's Network Research Group
|
|
|
| m0n0wall
m0n0wall is a project aimed at creating a complete, embedded firewall
software package that, when used together with an embedded PC, provides
all the important features of commercial firewall boxes (including ease
of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD,
along with a web server, PHP and a few other
utilities. The entire system configuration is stored in one single XML
text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time
configuration done with PHP, rather than the usual shell scripts,
and that has the entire system configuration stored in XML format.
|
|
|
| NessusWX
NessusWX is a client program for
Nessus security scanner
which is designed specially for Windows platform. NessusWX
has Windows look'n'feel and, in addition, some features that in my opinion
was missed in standard Nessus client for Windows.
|
|
|
| Nmap
Nmap ("Network Mapper") is a free open source utility for network
exploration or security auditing. It was designed to rapidly scan
large networks, although it works fine against single hosts. Nmap
uses raw IP packets in novel ways to determine what hosts are
available on the network, what services (application name and version)
those hosts are offering, what operating systems (and OS versions) they are
running, what type of packet filters/firewalls are in use, and dozens
of other characteristics. Nmap runs on most types of computers and
both console and graphical versions are available. Nmap is free and open
source (license).
|
|
|
| ntop
ntop is a network traffic probe that shows the
network usage, similar to what the popular top Unix command does. ntop is based
on libpcap and it has been
written in a portable way in order to virtually run on every Unix platform and
on Win32 as well.
ntop users can use a a web browser (e.g.
netscape) to navigate through ntop (that acts as a web server) traffic information
and get a dump of the network status.
|
|
|
| OLR - Open Linux Router
The Open Linux Router will be a network appliance unlike any other. Its
modular design will empower the user with the ability to pick and
choose what features and/or services will and will not be included on
the implementation. By scaling the features and services down, the Open
Linux Router can easily be installed on a small, embedded device.
Although, if the implementation demands functionality, it is just as
easy to add the features, which provides the Open Linux Router with a
wide and diverse demographic. Residential and small business
implementations have a certain set of needs, while an enterprise
implementation requires a more concentrated operation and that's what
drives the modular approach to services and features. The learning
curve is also greatly reduced through a consolidation of the nominal
devices that your IT staff would currently have to master to rise to
the same level of productivity. This project aims to encourage open
source software for network systems and solutions.
|
|
|
| Open Directory
Apple's Open Directory architecture includes source code for both directory client access and directory servers. |
|
|
| OpenLDAP
The OpenLDAP Project is a collaborative effort to develop
a robust, commercial-grade, fully featured, and
open source
LDAP suite of applications and development tools. The project is
managed by a worldwide community of volunteers that use the Internet to
communicate, plan, and develop the OpenLDAP Suite
and its related documentation.
|
|
|
| OpenNMS
OpenNMS is the world's first enterprise grade network management platform developed under the open source model.
|
|
|
| pfSense
pfSense is an open source firewall derived from the m0n0wall operating system platform with radically different goals such as using OpenBSD's ported Packet Filter, FreeBSD 6.1 ALTQ (HFSC) for excellent packet queueing and finally an integrated package management system for extending the environment with new features. |
|
|
| pixilate |
The List 
