Last modified: Sun Mar 2 21:59:54 PST 2008
Network Security
- The Ethical Hacker Network
- Embedded Systems Security references on backdooring Cisco IOS via TCL, etc.
- The CIDR Report web site
- Getting access to network traffic
- Network traffic analysis tools (thanks to Toby Kohlenberg)
- More network traffic analysis tools
- IPv6
- The Great IPv6 Experiment (switch to IPv6, get free porn!?!)
- Quick-start IPv6, HOWTOs
- IPv6 and IPv4 Threat Comparison and Best Practice Evaluation (v1.0), by Convery, Sean and Darrin Miller, Cisco Systems, Critical Infrastructure Assurance Group
- Technical and Economic Assessment of Internet Protocol, Version 6 (IPv6), IPv6 Task Force, U.S. Department of Commerce, National Telecommunications and Information Administration, National Institute of Standards and Technology
- Issues with Dual Stack IPv6 on by Default, by S. Roy, A. Durand, and J. Paugh, July 7, 2004
- On the Issues of IP Traceback for IPv6 and Mobile IPv6, by Henry C.J. Lee, Miao Ma, Vrizlynn L.L. Thing, and Yi Xu, Institute for Infocomm Research, 2003
- Security Implications of IPv6, by Warfield, Michael H, Internet Security Systems, Inc., 2003
- Network discovery tools
- Log parsing tools
- An explanation of Ethernet frames, by Rhys Haden
- Ethernet Codes master page
- The Ethernet FAQ
- Protecting Network Infrastructure at the Protocol Level (Word document), by Curt Wilson, Netw3.com Consulting. 12/15/00
- A Study of BGP Misconfiguration, by <ratul @ cs.washington.edu>
- CAIDA Misc networking courses/tutorials
- An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001
- Path MTU Discovery and Filtering ICMP, by Marc Slemko
- RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Ferguson and Daniel Senie
- RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie
- "Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.
- Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.
- Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.
- Policing and Shaping Overview, Cisco whitepaper on rate limiting
- Denial of Service (DoS) Attack Resources, by Paul Ferguson
- Inferring Internet Denial-of-Service Activity, by David Moore, Geoffrey M. Voelker and Stefan Savage, University of California, San Diego
- Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001
- See also my Distributed Denial of Service (DDoS) Attacks/tools page.
Network monitoring/Intrusion Detection Systems (IDS)
- Background and technical references
- Intrusion Detection, Honeypots, and Incident Handling Resources
- Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Thomas Ptacek and Tim Newsham (PostScript) [PDF]
- Special Publication 800-54, Draft Version 2, Border Gateway Protocol Security, National Institute of Standards and Technology (NIST)
- "An Overview of Issues in Testing Intrusion Detection Systems", NIST IR 7007, National Institute of Standards and Technology (NIST)
- Intrusion Detection for an On-Going Attack, by J. Yuill, S. Wu (North Carolina State University), F. Gong (Adv. Networking Research), M. Huang (Applied Research and Technology, The Boeing Company), USA
- A Framework for Cooperative Intrusion Detection, by Deborah Frincke et al, NIST National Information Systems Security Conference, 1998
- Leading non-commercial IDSs
- Snort (a free, lightweight IDS)
- Network Flight Recorder (NFR)
- Shadow
- Bro
- Intrusion Detection Systems (IDS) FAQ
- Towards trapping wily intruders in the large, by G. Mansfield, K. Ohta, Y. Takei, N. Kato, Y. Nemoto (Cyber Solutions Inc, Tohoku University), Japan
- The Honeynet Project
- Trojan Horses - Known Port Numbers
- Symovits Consulting Trojan Port list
- Robert Graham's FAQs on IDS, Sniffers, and Firewalls
- Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events (PDF) by Richard Bejtlich
- Intrusion Detection: Challenges and Myths, Marcus Ranum
- FAQ: Network Intrusion Detection Systems
- The BSD Packet Filter: A New Architecture for User-level Packet Capture, Steven McCanne and Van Jacobson, Lawrence Berkeley Laboratory (The underlying packet capture facility used by many IDSs)
- FRAGROUTER(8) manual page
- Intrusion Detection Systems and A View To Its Forensic Applications, University of Melbourne (PostScript)
- TrinityOS
- The Cooperative Intrusion Detection Evaluation and Response (CIDER) Project
- A Framework for Cooperative Intrusion Detection (.pdf), Jesse McConnell, Deborah Frincke, Don Tobin, Jamie Marconi, Dean Polla, University of Idaho
- The Autonomous Agents for Intrusion Detection Group
Public domain packet capture/analysis tools
[Note: Basic packet capture can be done by reading the network
device directly, but saving packets for future use, and use by
other tools, requires a standard library. Libpcap is that
standard, and tcpdump is the most common basic tool for packet
capture.]
Firewalls
- PacketFence
- Tutorial: How to Build a FreeBSD Firewall with IPFILTER
- NDC Logical Firewall prototype (based on Gibraltar, Linux based bootable CD-ROM firewall)
- OpenBSD Filtering Bridge Firewall
- OpenBSD Packet Filter documentation at benzedrine.cx
- Guide to OpenBSD Packet Filtering Firewalls (Internet), by Roger E. Rustad, Jr.
- OpenBSD bridge without IPs using IPF Tutorial, by Doug Hogan and Bryan Hinton, DaemonNews
- IP Filter resources
- Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij
- OpenBSD FAQ section 6.0 Networking
- OpenBSD FAQ section 13.0 Using IPSec (IP Security Protocol)
- OpenBSD man pages: BRIDGE(4), BRCONFIG(8), HOSTNAME.IF(5), IPF(5), IPF(8), IPFSTAT(8)
- Free Software Firewall Guide - IPF HOWTO
- How to set up a basic VPN between two OpenBSD gateways using ISAKMP, by Patrick Ethier, SecureOps Inc.
- MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration, Steve McQuade, v1.07 - March 2, 1999
- The NetBSD/i386 Firewall Project
- How to Implement Access Control in Linux via ipfwadm by Lamont Granquist
- Linux LAN & Firewall FAQ
- Linux firewall facilities for kernel-level packet screening by X/OS
- Thinking About Firewalls V2.0: Beyond Perimeter Security, Marcus Ranum
- Internet Firewalls Frequently Asked Questions
- The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment
- Firewalls: Don't Get Burned (Data Communications Firewall Lab Test)
- COAST Firewall Resources
- CSI Firewall Expert Archives
- Network (In)Security Through IP Packet Filtering, Brent Chapman
- (See NIST 800-10)
- Building a Firewalled Internet Presence on the Cheap
- Firewalls fend off invasions from the Net, Steve Lodin and Christoph Schuba (published in the February 1998 issue of IEEE Spectrum magazine)
Virtual Private Networks (VPNs)/Crypto tunnels
Wireless Security
Miscellaneous Network Security related pages