|
ricyjo
Registered: 07/22/02
Posts: 1,516
Loc: -53.121600, 73.763943
Last seen: 6 days, 6 hours
|
hey network admins....
#2302827 - 02/04/04 09:46 PM (20 years, 1 month ago) |
|
|
What kind of software utilities do you use (or have used) to make a network operate smoothly?
This can include IP monitoring tools, file system security, FTP services, VPN services, network configuration tools, etc.
please include the name of the software, the name of the company that created/supports it, what it does and why you like it... please.
i said please.. so wtf... take a minute...
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 18 days
|
Re: hey network admins.... [Re: ricyjo]
#2303804 - 02/05/04 04:29 AM (20 years, 1 month ago) |
|
|
Hmmm... sounds like a homework assignment?
-------------------- Just another spore in the wind.
|
TinMan
Stranger
Registered: 10/01/02
Posts: 2,956
Loc: Russia
|
Re: hey network admins.... [Re: ricyjo]
#2303810 - 02/05/04 04:37 AM (20 years, 1 month ago) |
|
|
Try the Cisco PIX 506
|
windex
old hand
Registered: 06/27/01
Posts: 1,293
Last seen: 9 years, 9 months
|
Re: hey network admins.... [Re: TinMan]
#2304407 - 02/05/04 10:33 AM (20 years, 1 month ago) |
|
|
I know a guy who swears by some of HP's enterprise admin tools; from what I've heard about some of 'em, he's got good reason.
|
amyloid
Stranger
Registered: 03/08/03
Posts: 980
Last seen: 10 years, 2 months
|
Re: hey network admins.... [Re: ricyjo]
#2304529 - 02/05/04 11:10 AM (20 years, 1 month ago) |
|
|
RealVNC makes things pretty easy; it's an open-source remote desktop app.
For security I like to do scans with LANguard by GFI. This is just for the quick checks, and by no means lets you know how "secure" your computers are.
And of course any ssh client will get the job done.
-------------------- "A human being is part of a whole, called by us the Universe, a part limited in time and space. He experiences himself, his thoughts and feelings, as something separated from the rest--a kind of optical delusion of his consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest us. Our task must be to free ourselves from this prison by widening our circles of compassion to embrace all living creatures and the whole of nature in its beauty." -Al Einstein
|
T0aD
Stranger
Registered: 06/18/02
Posts: 4,475
Last seen: 15 years, 17 days
|
Re: hey network admins.... [Re: amyloid]
#2305259 - 02/05/04 01:56 PM (20 years, 1 month ago) |
|
|
I have a Red Hat 9 server, and I'm running ssh, vsftpd and apache. And I use the configuration tools that Red Hat has. I'm soon going to set up qmail, which is considered the best MTA. Otherwise, for sniffing your network you can try EtherDetect and Ethereal. For scanning try XSpider and Retina; Languard is good as well.
Peace, good luck
-------------------- Cuba Libre
|
windex
old hand
Registered: 06/27/01
Posts: 1,293
Last seen: 9 years, 9 months
|
Re: hey network admins.... [Re: T0aD]
#2305361 - 02/05/04 02:10 PM (20 years, 1 month ago) |
|
|
Article on slashdot today, seems pretty neat.
Quote:
"Port Knocking" For Added Security
Posted by CmdrTaco on Thursday February 05, @01:03PM from the thats-a-crazy-idea dept.
Jeff writes "The process of Port Knocking is a way to allow only people who know the "secret knock" access to a certain port on a system. For example, if I wanted to connect via SSH to a server, I could build a backdoor on the server that does not directly listen on port 22 (or any port for that matter) until it detects connection attempts to closed ports 1026,1027,1029,1034,1026,1044 and 1035 in that sequence within 5 seconds, then listens on port 22 for a connection within 10 seconds. The web site explains it in some detail, and there is even an experimental perl implementation of it that is available for download. I can't think of any easy ways you could get around a system using this security method - let alone even know that a system is implementing it. Another article on port knocking is here."
http://slashdot.org/article.pl?sid=04/02/05/1834228&mode=nested&tid=126&tid=172
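The server-side logic described in the quoted summary, as an added example that is not part of the original post or the linked perl implementation: a per-source tracker that only opens port 22 after the exact knock sequence arrives within 5 seconds. The class and function names, the single-use opening and the sample events are assumptions made for illustration.

```python
# Added example: per-source knock tracking, not code from the linked article.
KNOCK_SEQUENCE = (1026, 1027, 1029, 1034, 1026, 1044, 1035)  # ports from the quote
KNOCK_WINDOW = 5.0    # seconds allowed for the whole sequence
OPEN_WINDOW = 10.0    # seconds port 22 stays reachable afterwards
SERVICE_PORT = 22


class KnockTracker:
    def __init__(self):
        self.progress = {}    # src -> (knocks matched so far, time of first knock)
        self.open_until = {}  # src -> time at which the opening expires

    def observe(self, ts, src, dport):
        """Feed one connection attempt; return 'opened', 'accept' or 'drop'."""
        if dport == SERVICE_PORT:
            # Assumption: the opening is single-use, so it is consumed here.
            deadline = self.open_until.pop(src, None)
            return "accept" if deadline is not None and ts <= deadline else "drop"
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > KNOCK_WINDOW:
            idx, start = 0, ts                    # too slow: start over
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:
            # A wrong port resets progress; it may itself begin a new attempt.
            idx, start = (1 if dport == KNOCK_SEQUENCE[0] else 0), ts
        if idx == len(KNOCK_SEQUENCE):
            self.progress.pop(src, None)
            self.open_until[src] = ts + OPEN_WINDOW
            return "opened"
        if idx:
            self.progress[src] = (idx, start)
        else:
            self.progress.pop(src, None)
        return "drop"


# Constructed sample events: (seconds, source address, destination port).
EVENTS = [
    (0.0, "203.0.113.5", 1026), (0.4, "203.0.113.5", 1027),
    (0.8, "203.0.113.5", 1029), (1.0, "198.51.100.9", 22),   # no knock at all
    (1.2, "203.0.113.5", 1034), (1.6, "203.0.113.5", 1026),
    (2.0, "203.0.113.5", 1044), (2.4, "203.0.113.5", 1035),  # sequence complete
    (9.0, "203.0.113.5", 22), (9.5, "203.0.113.5", 22),      # second try is refused
]


def replay(events):
    """Run events through a fresh tracker and return one verdict per event."""
    tracker = KnockTracker()
    return [tracker.observe(*event) for event in events]
```

Because the knocks cross the network in the clear, anyone who can capture them can repeat them, so a tracker like this belongs in front of normal SSH authentication rather than in place of it.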
|
MAIA
World-BridgerKartikeya (DftS)
Registered: 04/27/01
Posts: 7,396
Loc: Erra - 20 Tauri - M45 Sta...
Last seen: 2 months, 16 days
|
Re: hey network admins.... [Re: TinMan]
#2306249 - 02/05/04 06:06 PM (20 years, 1 month ago) |
|
|
Quote:
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ZZZZZZZZZZ
!
logging queue-limit 100
enable password 7 XXXXXXXXXXXXXX
!
username abcdefgh password 7 VVVVVVVVVVVVVVVVVV
ip subnet-zero
ip domain name local
!
!
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key 0 YYYYYYYY213850149 address XX.XXX.XX.XX no-xauth
!
!
crypto ipsec transform-set myset esp-des esp-sha-hmac
!
crypto map XXXXXXX 1 ipsec-isakmp
 set peer XX.XXX.XX.XX
 set transform-set myset
 match address 101
!
!
!
interface Ethernet0
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
interface BRI0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname XXXXXXXXXXXXXXXXXXXXX
 ppp chap password 7 XXXXXXXXXXXXXXXXXXXX
 ppp pap sent-username XXXXXXXXXXXXXXXXXXXXXX
 ppp ipcp dns request
 crypto map XXXXXX
!
ip nat inside source list 105 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.225 10000 interface Dialer1 10000
ip nat inside source static tcp 192.168.0.225 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.225 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.225 22 interface Dialer1 22
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 permit 213.63.135.32 0.0.0.15
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 remark Inbound Access List
access-list 111 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.16.0.0 0.15.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 any
access-list 111 deny ip any host 255.255.255.255
access-list 111 permit udp any eq isakmp any eq isakmp
access-list 111 permit tcp any any eq telnet
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 443
access-list 111 permit esp any any
access-list 111 permit icmp any any
access-list 111 permit ip any any
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 10000
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 login local
 length 0
!
scheduler max-task-time 5000
!
!
end
There you have a VPN between two routers under ADSL, internet access with NAT (PAT) for several ports and access policies. I love doing this stuff, although I admit web-based configuration tools are faster, but this shit is very powerful!!! Long live IOS!!!
-------------------- Spiritual being, living a human experience ... The Shroomery Mandala Use, do not abuse; neither abstinence nor excess ever renders man happy. Voltaire
|
MAIA
World-BridgerKartikeya (DftS)
Registered: 04/27/01
Posts: 7,396
Loc: Erra - 20 Tauri - M45 Sta...
Last seen: 2 months, 16 days
|
Re: hey network admins.... [Re: ricyjo]
#2306275 - 02/05/04 06:16 PM (20 years, 1 month ago) |
|
|
IP Mon. tools - ethereal, xnmap .....
FTP services - pureftpd
VPN services - OpenVPN
Network configuration tools - Webmin, linux console and /etc/sysconfig
If you want to go with micro$oft, then that's another story ....
MAIA
-------------------- Spiritual being, living a human experience ... The Shroomery Mandala Use, do not abuse; neither abstinence nor excess ever renders man happy. Voltaire
|
nife
I'm Dead
Registered: 12/26/03
Posts: 225
Last seen: 1 year, 2 months
|
Re: hey network admins.... [Re: ricyjo]
#2311455 - 02/07/04 11:47 AM (20 years, 1 month ago) |
|
|
Scanning software: ping, traceroute, nessusd
Monitoring: Inline snort, and tcpdump
ftp: proftp
network configuration: Vim and custom written PHP.
VPN: ??? never done it
-------------------- Protect Your Rights Freedom Card
|
|