
SecurityFocus Microsoft Newsletter #119

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Dec 30 2002 - 13:44:46 EST



This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. Securing Outlook, Part Two: Many Choices to Make
  2. 'Twas the Night Before Christmas, 2002
  3. SecurityFocus DPP Program
  4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
  1. RealNetworks Helix Universal Server RTSP Transport Buffer...
  2. Oracle 9i Application Server Insecure Default File Permissions...
  3. MATLAB Mex Insecure Temporary Files Vulnerability
  4. MATLAB Mex Local Command Execution Vulnerability
  5. SPGPartenaires Multiple SQL Injection Vulnerabilities
  6. RealNetworks Helix Universal Server Long URI Dual HTTP Request...
  7. Hyperion FTP Server Buffer Overflow Vulnerability
  8. Oracle 9i Application Server WEB-INF Folder Access Vulnerability
  9. RealNetworks Helix Universal Server RTSP Describe Buffer...
  10. PHP-Nuke CRLF Injection Vulnerability
  11. PHP-Nuke Modules.PHP Denial Of Service Vulnerability
  12. Apache printenv Sample Script Cross Site Scripting Vulnerability
  13. MATLAB Insecure Temporary Files Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
  1. Blank passwords, TsInternetUser added to Administrators (Thread)
  2. SecurityFocus Microsoft Newsletter #118 (Thread)
  3. How to kill OL2000 ability to render html mail (Thread)
  4. Fw: How to kill OL2000 ability to render html mail (Thread)
  5. AW: How to kill OL2000 ability to render html mail (Thread)
  6. Logging Terminal Services Access? (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
  1. Anti-Trojan 5.5
  2. Anti-Virus (AVP) Personal PRO
  3. InterScan VirusWall
V. NEW TOOLS FOR MICROSOFT PLATFORMS
  1. Netmon 1.52
  2. NeTraMet 3.2
  3. Network Equipment Performance Monitor v1.0
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Securing Outlook, Part Two: Many Choices to Make By Scott Granneman

This is the second of two articles focusing on ways to secure one of the world's most popular e-mail clients, Microsoft's Outlook. The first article offered a brief overview of Outlook, as well as some security issues. It also discussed configuring Outlook for optimal security. This article will look at some more things that Outlook users can do to secure their e-mail.

http://online.securityfocus.com/infocus/1652


2. 'Twas the Night Before Christmas, 2002 By Tim Mullen

'Twas the night before Christmas and all through the House,
Not a congressman was stirring-- and the Senate was soused.
Freedom and Privacy-- the things we hold dear,
Have been trampled by the 107th this year.

http://online.securityfocus.com/columnists/131

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11


Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. RealNetworks Helix Universal Server RTSP Transport Buffer Overflow Vulnerability
BugTraq ID: 6454
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6454
Summary:

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'transport' field of an RTSP request, it is possible for a user to exploit a boundary condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Due to this server running on TCP port 554 on most Windows systems, and the server being installed as a system service, exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.

2. Oracle 9i Application Server Insecure Default File Permissions Vulnerability
BugTraq ID: 6460
Remote: No
Date Published: Dec 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6460
Summary:


9i Application Server (9iAS) is the web application server infrastructure distributed by Oracle.

A problem with Oracle 9iAS may make it possible for a local user to gain access to sensitive information.

It has been reported that Oracle 9iAS does not install with secure default permissions. The default installation of Oracle 9iAS allows users with local access to the system to access some contents of the 9iAS installation. A user with local access may also modify or remove files affected by this vulnerability. It should be noted that this only affects 9iAS installed on Microsoft Windows NT and 2000 systems.

This vulnerability could result in a local user accessing potentially sensitive information. A user with local access could also modify or destroy affected files.

3. MATLAB Mex Insecure Temporary Files Vulnerability
BugTraq ID: 6469
Remote: No
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6469
Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

MATLAB is prone to an issue which may allow local attackers to corrupt files.

The MATLAB Mex script uses the process ID (PID) when naming temporary files. If an attacker can anticipate the name of temporary files created by Mex, then the attacker can place a malicious symbolic link in place of the temporary files. If the symbolic link points to a file which is writeable by the user running the program, then that file will be corrupted when the Mex script performs any actions on temporary files.


This may result in critical files being overwritten. If an attacker can cause files to be overwritten with custom data, then it may be possible to elevate privileges.

4. MATLAB Mex Local Command Execution Vulnerability
BugTraq ID: 6470
Remote: No
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6470
Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

MATLAB is prone to an issue which may allow local attackers to execute arbitrary commands with elevated privileges.

The MATLAB Mex script creates temporary files which are later executed to perform various actions. If an attacker can anticipate the name of a temporary file created by the Mex script, it is possible to create a malicious file in the place of the temporary file. The Mex script will then reportedly execute the malicious file.

Successful exploitation will result in arbitrary command execution with the privileges of the user running the Mex script.

This issue is compounded by the fact that Mex uses predictable names when creating temporary files, as described in BID 6469 "MATLAB Mex Insecure Temporary Files Vulnerability".

5. SPGPartenaires Multiple SQL Injection Vulnerabilities
BugTraq ID: 6455
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6455
Summary:


SPGPartenaires is a partner management script written in PHP that uses a SQL backend. It is available for the Linux, Unix, and Microsoft Windows operating systems.

Several vulnerabilities have been discovered in SPGPartenaires. These vulnerabilities are due to insufficient sanitization of variables used to construct SQL queries in various scripts, including 'indent.php', 'index2.php', and 'delete.php'. Specifically, the 'pass' and 'SPGP' variables are not sanitized of malicious SQL input. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into the 'pass' or 'SPGP' variable, it may be possible for an attacker to corrupt member information. It may also be possible for attackers to perform more advanced attacks on the underlying database.

6. RealNetworks Helix Universal Server Long URI Dual HTTP Request Buffer Overflow Vulnerability
BugTraq ID: 6458
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6458
Summary:

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking, when a long URI is requested via the HTTP server in two separate connections, a boundary condition error occurs. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.


7. Hyperion FTP Server Buffer Overflow Vulnerability
BugTraq ID: 6467
Remote: Yes
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6467
Summary:

MollenSoft Hyperion FTP Server is a server that supports basic FTP functionality and more. It is available for the Microsoft Windows operating systems.

A vulnerability has been discovered in Hyperion FTP Server. It is possible for a remote attacker to trigger this vulnerability by passing an FTP parameter of excessive length.

By exploiting this issue to overwrite a function's instruction pointer, it may be possible to redirect the server's flow of execution to malicious shellcode. Successful exploitation will result in arbitrary commands being executed with the privileges of the vulnerable server.

It should be noted that this vulnerability was discovered in version 2.8.11 of Hyperion FTP Server. It is not yet known whether this issue affects earlier versions.

This vulnerability is very similar to the issue described in BID 6345.

8. Oracle 9i Application Server WEB-INF Folder Access Vulnerability
BugTraq ID: 6461
Remote: Yes
Date Published: Dec 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6461
Summary:

9i Application Server (9iAS) is the web application server infrastructure distributed by Oracle.


A problem with Oracle 9iAS may make it possible for a local user to gain access to sensitive information.

It has been reported that a problem exists in Oracle 9iAS with the WEB-INF directory. Under some circumstances, it may be possible for a remote user to gain access to the contents of the WEB-INF directory. In doing so, a remote user could potentially gain access to source code of web applications, and potentially other sensitive information.

This vulnerability could lead to an information gathering attack. In some situations, this vulnerability could also lead to password disclosure.

9. RealNetworks Helix Universal Server RTSP Describe Buffer Overflow Vulnerability
BugTraq ID: 6456
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6456
Summary:

Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms.

A problem with Helix Universal Server could make it possible for a remote user to execute arbitrary code.

A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe' field of an RTSP request, it is possible for a user to exploit a boundary condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Due to this server running on TCP port 554 on most Windows systems, and the server being installed as a system service, exploitation of this vulnerability would yield SYSTEM privileges on a vulnerable host. Exploitation on Unix systems would yield the privileges of the Universal Server.

10. PHP-Nuke CRLF Injection Vulnerability
BugTraq ID: 6446
Remote: Yes
Date Published: Dec 20 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6446
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Throughout PHP-Nuke, the PHP mail() function is used to handle email through web-based interfaces for various purposes (for features such as "feedback", "send this to a friend", etc). There is no input validation performed on user data passed to this function. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages.

Attackers may exploit this weakness to manipulate the structure of outgoing messages. For example, it may be possible for attackers to set the recipient to an arbitrary value. This could be leveraged by individuals to send mass unsolicited mail in a manner similar to how "formmail" is actively exploited (BID 3955).

11. PHP-Nuke Modules.PHP Denial Of Service Vulnerability
BugTraq ID: 6465
Remote: Yes
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6465
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate URI parameters.

An attacker can exploit this vulnerability by modifying the 'name' parameter when making a request for modules.php. This will prevent visitors to the site hosting PHP-Nuke from creating a new account thereby leading to a denial of service condition.

This vulnerability was reported for PHP-Nuke 6.0. It is not known whether earlier versions are affected.

12. Apache printenv Sample Script Cross Site Scripting Vulnerability
BugTraq ID: 6466
Remote: Yes
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6466
Summary:

Apache is a freely available webserver for Unix and Linux variants, as well as Microsoft operating systems.


A cross site scripting vulnerability has been reported in a sample script included with Apache. The vulnerability exists in the 'printenv' sample script, which is typically installed in the 'cgi-bin' directory.

Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains arbitrary HTML and script code. Attacker-supplied HTML and script code may be executed on a web client visiting the malicious link in the context of the vulnerable server.

This may be exploited to steal cookie-based authentication credentials.

It should be noted that this script is not installed as an executable script and any output is generated as plain text. However, some browsers may not properly interpret the TEXT/PLAIN MIME header and may render any output messages in HTML.

13. MATLAB Insecure Temporary Files Vulnerability
BugTraq ID: 6468
Remote: No
Date Published: Dec 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6468
Summary:

MATLAB is a language and technical computing environment. It is available for a number of platforms, including Linux and Unix variants and Microsoft Windows.

MATLAB is prone to an issue which may allow local attackers to corrupt files.

MATLAB uses the process ID (PID) when naming temporary files. If an attacker can anticipate the name of temporary files created by MATLAB, then the attacker can place a malicious symbolic link in place of the temporary files. If the symbolic link points to a file which is writeable by the user running the program, then that file will be corrupted when MATLAB performs any actions on temporary files.

This may result in critical files being overwritten. If an attacker can cause files to be overwritten with custom data, then it may be possible to elevate privileges.
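
The predictable-name problem behind BIDs 6468, 6469 and 6470, as an added example (not code from MATLAB or the Mex script): a PID-derived temporary name written with a plain redirect, beside a form that uses `mktemp -d` and noclobber, with a sandboxed self-check. The function names, the `mex_tmp.$$` file name and the sandbox layout are constructed for illustration, and a `mktemp` utility is assumed to be installed.

```shell
#!/bin/sh
# Added example. Function and file names are constructed; this is not Mex code.

# Pattern from the advisories: the name is derived from the PID ($$) and the
# file is opened with a plain redirect, which follows an existing symlink.
write_predictable() {            # $1 = temp directory, $2 = data
    f="$1/mex_tmp.$$"
    printf '%s\n' "$2" > "$f" || return 1
    printf '%s\n' "$f"
}

# Hardened form: mktemp creates a randomly named directory with mode 0700 in
# one atomic step, and noclobber (set -C) makes the redirect fail instead of
# opening a path that already exists.
write_private() {                # $1 = temp directory, $2 = data
    d=$(mktemp -d "$1/mex.XXXXXXXX") || return 1
    f="$d/work"
    ( set -C; printf '%s\n' "$2" > "$f" ) 2>/dev/null || { rm -rf "$d"; return 1; }
    printf '%s\n' "$f"
}

# Self-check in a throwaway sandbox: a canary file outside the temp directory
# is linked from the PID-derived name before the writer runs. Prints
# "clobbered" if the writer wrote through the link, "intact" otherwise.
check_writer() {                 # $1 = name of the writer function
    box=$(mktemp -d "${TMPDIR:-/tmp}/tmpcheck.XXXXXXXX") || return 2
    mkdir "$box/tmp" || return 2
    printf 'original\n' > "$box/canary"
    ln -s "$box/canary" "$box/tmp/mex_tmp.$$"
    "$1" "$box/tmp" "scratch data" >/dev/null
    if [ "$(cat "$box/canary")" = "original" ]; then r=intact; else r=clobbered; fi
    rm -rf "$box"
    printf '%s\n' "$r"
}
```

`check_writer write_predictable` and `check_writer write_private` can be run side by side to compare the two writers against the same pre-existing link.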


III. MICROSOFT FOCUS LIST SUMMARY


1. Blank passwords, TsInternetUser added to Administrators (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304411

2. SecurityFocus Microsoft Newsletter #118 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304415

3. How to kill OL2000 ability to render html mail (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304410

4. Fw: How to kill OL2000 ability to render html mail (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304321


5. AW: How to kill OL2000 ability to render html mail (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/304229

6. Logging Terminal Services Access? (Thread)
Relevant URL:

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. Anti-Trojan 5.5
by Anti-Trojan
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.anti-trojan.net/en/home.aspx

Anti-Trojan 5.5 is a powerful trojan scanner and remover which detects more than 8000 different types of trojan horses. It uses three methods to find them. The first is the port scan, which reports whether there are open ports on your computer. The second is the registry scan, which searches through the system registry database for trojans. The third and most important part is the disk scan. It scans your hard disks for dangerous trojan files and removes them safely. This commercial product is also available for a 14-day free trial.

2. Anti-Virus (AVP) Personal PRO
by Kaspersky Labs
Platforms: DOS, Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.kaspersky.co.uk/products.asp?tgroup=2&pgroup=10&id=26

Kaspersky Anti-Virus Personal Pro provides full-scale protection with some additional protective components - a behavior blocker and integrity checker; appropriate for experienced users seeking the best anti-virus. Office Guard, integrated into Kaspersky™ Anti-Virus Personal Pro, constantly controls macros executed on your computer, and prohibits any suspicious action. The unique technology of the behavior blocker underlying Office Guard guarantees 100% protection from destructive macro-virus action, leaving no chance for any malicious macros to damage your computer.

3. InterScan VirusWall
by TrendMicro
Platforms: HP-UX, Solaris, Windows NT
Relevant URL:
http://www.antivirus.com/products/isvw/index.htm


InterScan VirusWall performs real-time gateway scanning of SMTP, FTP, and HTTP traffic. It can optionally block malicious Java applets and ActiveX controls.

V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. Netmon 1.52
by Johan Samuelson
Relevant URL:
http://w1.132.telia.com/~u13200034/netmon.html
Platforms: Windows 2000, Windows 95/98
Summary:

Netmon is a compact, easy-to-use network information utility. It displays information pertaining to the IP, TCP, UDP and ICMP protocols. Its main purpose is viewing connections made using the TCP and UDP protocols from or to your computer. Its main advantages over the console-based version are the database of common trojan ports, the complete list of well-known ports, the user-configurable filters and the automatic hostname lookup.

2. NeTraMet 3.2
by unknown
Relevant URL:
http://online.securityfocus.com/tools/1508
Platforms: DOS, IRIX, Linux, Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT
Summary:

NeTraMet is an accounting meter which runs on a PC under DOS or a Unix system. It builds up packet and byte counts for traffic flows, which are defined by their end-point addresses. Addresses can be ethernet addresses, protocol addresses (IP, DECnet, EtherTalk, IPX or CLNS) or 'transport' addresses (IP port numbers, etc), or any combination of these. The traffic flows to be observed are specified by a set of rules, which are downloaded to NeTraMet by a 'manager' program. Traffic flow data is collected via SNMP from NeTraMet by a 'collector' program.

NeTraMet provides a valuable tool for analysing network traffic flows, and should prove to be of interest to anyone interested in network monitoring, capacity planning, performance measurement, etc.

Full distribution, including manual, source & Makefiles for UNIX, executable files for PC (DOS/Win)

3. Network Equipment Performance Monitor v1.0
by jimesh
Relevant URL:
http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, Tru64 UNIX, UNIX, Windows 2000, Windows NT, Windows XP
Summary:


NEPM monitors and reports uptime, critical events and their predecessors, access rates, bytes-served rates, and error rates for network node equipment. Hardware and software elements within the nodes are tracked and reported separately to make possible rapid fault isolation. It is a very general, highly configurable, two-part software system that captures and analyzes logged performance data from IP-networked equipment and reports it via email and Web pages. Current conditions and history from systems based on Windows NT/2000, Unix, and Unix-style operating systems can be tracked and reported. Most major server, switch and router systems can be monitored, without running agents on the target systems. NEPM itself is system-independent and can be hosted on either a Unix or Win NT system or a combination of these with equal ease.

VI. SPONSOR INFORMATION



This issue is sponsored by: Qualys

Strengthening Network Security: FREE Guide Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide.

Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php


Received on Mon Dec 30 14:52:03 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:28 EDT

