It is always necessary to secure both your machine and your
network. Most of us keep an eye on the security of the PC itself and
install mechanisms such as firewalls and antivirus software to protect it, but one
thing we tend to ignore is the security of the network, particularly
against remote attacks. And when we talk about servers and datacenters, remote
attacks are far more damaging than local ones. So here we look at
some very easy to use but very effective IDS and network analysis
tools available in PCQLinux 2006.
Arpwatch
A tiny but very effective tool for spotting ARP spoofing in your
network: it watches the Ethernet (MAC) address paired with each IP
address and reports whenever a pairing changes. All you have to do is run the
following command.
# arpwatch -e email@domain.com
where email@domain.com is your email address. The best thing about
this tool is that you don't need to sit in front of a monitor 24/7.
Instead it automatically sends you a warning by email whenever
a suspicious address change appears on the network.
Messages sent by Arpwatch include: new activity (an Ethernet/IP pair seen
again after a long period of inactivity), new station (an IP address seen for
the first time), changed ethernet address (the IP now maps to a different MAC,
which is exactly what an ARP-spoofing attacker causes) and flip flop (the pair
switched back to a previously seen address, typical when the real host and the
spoofer both keep answering). In addition to emailing you, Arpwatch also logs
each event via syslog, which is useful for keeping a watchful eye on your network.
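To make the four message types concrete, here is an added example (not code from this article or from the arpwatch project) of the core bookkeeping arpwatch does: keep a table of IP-to-MAC bindings learned from ARP replies and classify each new reply against it. The ARP replies, the IP and MAC addresses and the inactivity threshold used in the sample are constructed for the example; real arpwatch reads frames from the interface with libpcap, and its "new activity" window is six months.

```python
"""arpwatch-style classification of ARP replies (added example, not arpwatch code).

Each reply is (timestamp_seconds, sender_ip, sender_mac). We keep, per IP,
the MAC currently bound to it and the MAC seen before that, which is enough
to tell "changed ethernet address" from "flip flop".
"""
from dataclasses import dataclass

SIX_MONTHS = 180 * 24 * 3600  # arpwatch's threshold for "new activity"


@dataclass
class Station:
    mac: str            # Ethernet address currently bound to the IP
    last_seen: float    # timestamp of the last reply with this binding
    old_mac: str = ""   # previous Ethernet address, for flip-flop detection


def classify(table, ts, ip, mac, inactive_after=SIX_MONTHS):
    """Update table with one ARP reply; return the event name or None."""
    st = table.get(ip)
    if st is None:
        table[ip] = Station(mac, ts)
        return "new station"               # IP never seen before
    if st.mac == mac:
        quiet = ts - st.last_seen
        st.last_seen = ts
        # same binding as before: only interesting after a long silence
        return "new activity" if quiet > inactive_after else None
    # The IP now answers from a different MAC.
    if mac == st.old_mac:
        event = "flip flop"                # bounced back to the earlier MAC
    else:
        event = "changed ethernet address" # brand-new MAC for this IP
    st.old_mac, st.mac, st.last_seen = st.mac, mac, ts
    return event


def run(replies, inactive_after=SIX_MONTHS):
    """Feed replies through classify(); return [(ts, ip, mac, event), ...]."""
    table = {}
    events = []
    for ts, ip, mac in replies:
        ev = classify(table, ip=ip, ts=ts, mac=mac, inactive_after=inactive_after)
        if ev is not None:
            events.append((ts, ip, mac, ev))
    return events


def format_alert(ts, ip, mac, event):
    """Render an event roughly the way arpwatch's syslog/mail lines read."""
    return f"arpwatch: {event} {ip} {mac} (t={int(ts)})"


# Constructed sample: a host on 192.168.1.10, then a spoofer at de:ad:be:ef:00:01
# claiming the same IP, the two alternating, and finally a long quiet period.
SAMPLE_REPLIES = [
    (0,       "192.168.1.10", "00:11:22:33:44:55"),
    (60,      "192.168.1.10", "00:11:22:33:44:55"),
    (120,     "192.168.1.10", "de:ad:be:ef:00:01"),
    (180,     "192.168.1.10", "00:11:22:33:44:55"),
    (240,     "192.168.1.10", "de:ad:be:ef:00:01"),
    (1000000, "192.168.1.10", "de:ad:be:ef:00:01"),
]

if __name__ == "__main__":
    # one-week inactivity window so the sample triggers "new activity"
    for ev in run(SAMPLE_REPLIES, inactive_after=7 * 24 * 3600):
        print(format_alert(*ev))
```

The second reply at t=60 produces nothing, because a binding that stays the same is the normal case; the alternating "flip flop" lines at t=180 and t=240 are the signature of an attacker racing the real host, and the one thing a reader should react to fastest.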
Ettercap
One of my favorites. It is basically a sniffer and a specialized tool for
man-in-the-middle attacks on switched LANs, but it can also work pretty well as
an IDS. It is installed by most of the Workstation
installations of PCQLinux 2006, including SysAdmin. To run it, use the
following command if you are using a graphical (GTK) interface:
# ettercap -G
or, for the curses text-terminal interface:
# ettercap -C