fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
The audit package contains the user-space utilities for creating audit rules, as well as for storing, searching, and generating reports from the audit records generated by the audit subsystem in the Linux 2.6 kernel and higher. It has a real-time plugin interface for event analysis and remote logging of events.
Network Time Tools (NTT) is a set of network tools designed to provide monitoring of a network and the services on that network, and provide various reports on the hosts/services and optional alerts via email, pager, and cellphones. It comes with a protocol scanner, a bandwidth measurement tool, and a CGI front end that can handle a regular browser or WAP-enabled cellphones via WML.
The Spoofaudit network auditing tool will help you to determine what basic spoofing filters (rfc2827 & rfc3013) are present between two test points on two networks, and what anti-spoofing filters are missing. The tools are designed to work between endpoints that would not normally have filtering between them except anti-spoofing filters.
SecurityFocus ARIS Extractor is a sophisticated Intrusion Detection System (IDS) log analyzer and reporting system, integrated with the SecurityFocus ARIS web site. It allows administrators to upload Intrusion Detection System (IDS) logs to the SecurityFocus ARIS Web site, producing sophisticated reporting, and research attacks and events. By filtering out insignificant or benign data and converting it to a common (XML) format, ARIS extractor streamlines incident reporting for both security professionals and home users, allowing IDS operators to focus only on relevant attacks and incidents. It allows you to analyze and archive logged incidents, cross reference incidents/attacks with the SecurityFocus Vulnerability Database, look up contact information for offending IP addresses, generate personal incident statistics and reports, automatically identify and report important incidents, reduce the amount of time spent parsing IDS logs, and generate daily summary reports, delivered by email (optional). All of this is done without revealing any information that could be used to discern your identity. It can be configured to obfuscate IP addresses, names, and other pertinent details before submitting them to the ARIS Analyzer web site. It supports Snort, Cisco Secure IDS, Dragon, NetProwler, RealSecure, BlackICE Defender, and ICEPac.
Perl Advanced TCP Hijacking is a collection of tools for inspecting and hijacking network connections written in Perl. It consists of a packet generator, an RST daemon, a sniffer, an ICMP redirection tool, an ARP redirection tool, an IDS testing tool, and an automatic hijacking daemon for plain protocols, and features both GUI and terminal interfaces.
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).