IP Address Scanning | Ports | TTY Watcher | RotoRouter | Industrial Programs | IP Watcher | EtherPeek | Intruders

Industrial Strength War Programs

    Now -- let's say you are responsible for a large LAN or an entire ISP. Especially if you are responsible for a commercial Web site, this is a job that calls for much more than the programs above can do.  According to an International Computer Security Association report of April, 1997, about a half of US Web sites are attacked or probed each month. True, most of these are probes from the clueless, but even the clueless get lucky sometimes. You may well need security products that can handle a broad spectrum of computer crime problems, that work across a network, and that can spot the most sophisticated attacks. Most important, you need the power to fight back.

    Since I don't like to take a company's word for the quality of their security products, I will only discuss the two that I have tested: EtherPeek 3.5 for MacOS, from AG Group at http://www.aggroup.com/; and IP-Watcher for Unix from En Garde Systems, http://www.engarde.com/. I picked those two because they promised exceptional powers to detect attack, and in the case of IP-Watcher, to fight back when under attack. EtherPeek in particular also gets high recommendations from sysadmins I know at the AGIS Internet backbone, and Rt66 Internet, the largest ISP in New Mexico. Both AGIS and Rt66 have had more than their share of attacks by computer criminals, so they have had real life experience with EtherPeek.

    Another plus for EtherPeek and IP-Watcher is that they are both ideal for testing other security products such as firewalls, router packet filters, and wrappers, and to track down and gather the evidence needed to put computer criminals behind bars.

    Let's begin with EtherPeek. Besides the Mac version, there is a version that runs on Windows NT, and even Windows 95/98. However, I recommend the Mac version because not many hackers know how to compromise, disable or crash Macs. Windows, by contrast, is vulnerable to the many denial of service attacks that kode kiddies think are 31337 (elite). While you can protect your Windows boxes from attacks from the Internet with a well-configured router and firewall, what if the intruder is inside your LAN?