360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
AMaViS (A Mail Virus Scanner) scans e-mail attachments for viruses using third-party virus scanners available for UNIX environments. It resides on a UNIX (Linux) machine and looks through the attached files arriving via e-mail, generates reports when a virus is found and sets the delivery on hold.
Anti-censorship tools (proxyTools) consists of a huge Perl application (localProxy) and a set of tools to analyze the user's network (proxies, firewall rules, name servers, etc.). LocalProxy abstracts external services in an uncensored, reliable, fast manner to the localhost, where they may be used by standard clients (Web browsers, Usenet news clients, SOCKS-capable clients, etc.). Various combinations of strategies are tried to ensure the non-censored nature of the information, and multiple, parallel services (e.g. HTTP proxies) are used to ensure reliability and speed. The tools are capable of automating collection of the data required for localProxy. LocalProxy builds a configuration for the user and dynamically adjusts to using the fastest strategies and proxies available to it. The tools are useful for network analysis (firewall rules, proxy capabilities, etc.) independently of localProxy.
BBStatus is an IP accounting package and an SNMP and IP monitoring tool for Linux. It collects, summarizes, and displays the values from its database. It can be used for IP accounting (allows you to design various kinds of accounting filters), SNMP monitoring (collects data making SNMP requests), ICMP monitoring (stores and summarizes values like min, avg, max reply time, and packet loss), and client traffic filtering (using various types of filters). It also provides user based access so that every user can log in and visualize various data (depending on access rights). It requires PostgreSQL, Apache with mod_auth_pgsql, Perl(Net::SNMP), and RRDTool.
BlockIt monitors the Snort alert file and creates either IPTables, IPChains, IPFWADM, IPFilter, PF, or Checkpoint Firewall rules. This version runs on Linux, FreeBSD, and OpenBSD. BlockIt has built-in CIDR support for multiple target IPs and whitelist support. Additional features include MySQL logging and email logging.
chownat allows two peers behind two separate NATs and firewalls to establish a direct connection with each other. No port forwarding, DMZ, third party, proxy, spoofing, elevated user privileges, or DNS tricks are required. More importantly, it opens up a tunnel between the two machines so one peer can access a service, such as SSH or a Web server, on the other machine which is also behind a NAT.