The primary attributes of a scanner should be:
1: The capability to find a machine or network.
2: The capability to find out what services are being run on the host (once having found the machine).
3: The capability to test those services for known holes.
There are various tools available for Linux system scanning and intrusion detection. I will explain some of the best-known tools available. I have divided the scanners into three categories:
Host scanners are software you run locally on the system to probe for problems.
COPS is a collection of security tools that are designed specifically to aid the typical UNIX systems administrator, programmer, operator, or consultant in the oft neglected area of computer security. COPS is available at: http://www.fish.com/cops
Tiger is a UNIX Security Checker. Tiger is a package consisting of Bourne Shell scripts, C code and data files which is used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. You can get it from: http://www.giga.or.at/pub/hacker/unix
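
The kind of local check that host scanners such as COPS and Tiger perform, as an added example that is not code from either tool or from the original article. The function names and the sample tree are constructed for illustration; the checks cover extra UID 0 accounts, empty password fields, world-writable files and set-uid/set-gid files.

```shell
#!/bin/sh
# Added example: three host-scanner style checks. Function names are
# hypothetical and are not taken from COPS or Tiger.

# Accounts other than root that have UID 0 in a passwd-format file.
check_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$1"
}

# Accounts whose password field is empty.
check_empty_pw() {
    awk -F: '$2 == "" { print "EMPTYPW " $1 }' "$1"
}

# World-writable regular files, then set-uid/set-gid files, under a directory.
check_perms() {
    find "$1" -xdev -type f -perm -0002 | sed 's/^/WORLDWRITE /'
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETID /'
}

# Run every check against a root directory that contains a passwd file.
run_checks() {
    check_uid0 "$1/passwd"
    check_empty_pw "$1/passwd"
    check_perms "$1"
}

# Constructed sample data: a throwaway tree with one finding per check.
make_fixture() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'toor:x:0:0:second superuser:/root:/bin/sh' \
        'guest::1001:1001::/home/guest:/bin/sh' > "$d/passwd"
    : > "$d/ok.conf"
    : > "$d/open.conf"
    : > "$d/helper"
    chmod 644 "$d/passwd" "$d/ok.conf"
    chmod 666 "$d/open.conf"    # world-writable configuration file
    chmod 4755 "$d/helper"      # set-uid program
    echo "$d"
}

fixture=$(make_fixture)
run_checks "$fixture"
rm -rf "$fixture"
```

To audit a real host, point `run_checks` at a directory that holds a copy of the passwd file, or call the individual checks on `/etc/passwd` and on the file systems of interest.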
Network scanners are run from a host and pound away on other machines, looking for open services. If you can find them, chances are an attacker can too. These are generally very useful for ensuring your firewall works.
Strobe is a super-optimized TCP port surveyor. It is a network/security tool that locates and describes all listening TCP ports on a (remote) host or on many hosts in a manner that maximizes bandwidth utilization and minimizes process resource use. It is simple to use and very fast, but doesn’t have any of the features newer port scanners have.
Strobe is available at: ftp://suburbia.net/pub/.
Nmap is a newer and much more fully-featured host scanning tool. Specifically, nmap supports:
There are also a number of programs now that scan firewalls and execute other penetration tests in order to find out how a firewall is configured.
Firewalking is a technique that uses traceroute-like methods to analyze IP packet responses in order to determine gateway ACL filters and map networks. The Firewalk tool employs this technique to determine the filter rules in place on a packet-forwarding device. System administrators should run this tool against their own systems to tighten up security. Firewalk is available from: http://www.packetfactory.net/Projects/Firewalk/.
“Security is not a solution! It’s a way of life.” System administrators must continuously scan their systems for security holes and fix each hole when it is detected. This tightens the security of the system and reduces the chance of security breaches. The process is continuous: security vulnerabilities will keep arising, and the work of fixing security holes will never end! After all, precaution is better than cure. (by Kapil Sharma, 2000)