[LWN Logo]
[Timeline]
Date:         Tue, 25 Jul 2000 11:18:49 -0500
From: Simple Nomad <thegnome@NMRC.ORG>
Subject:      RAZOR Releases New Tools for Black Hat
To: BUGTRAQ@SECURITYFOCUS.COM

For the Black Hat Briefings, BindView's RAZOR team is announcing the
following:

	- VLAD the Scanner
	- Despoof
	- Updates to HackerShield

VLAD the Scanner - A freeware, open-source scanner that checks for common
security problems. VLAD checks for the items referenced in the SANS Top
Ten list of common security problems, found at
http://www.sans.org/topten.htm. While freeware scanners are not
neccessarily unique, VLAD is rather unique because of the amount of
vulnerable CGI programs it checks for, and its comprehensive
account/password checks (seven different protocols). VLAD runs on most
Unix systems (tested on Linux, *BSDs) and requires a number of Perl
modules from CPAN (http://www.cpan.org/). This package was written by the
members of the RAZOR team.

Despoof - A freeware, open-source utility that tries to determine if a
received packet is in fact spoofed by checking the TTL. This command-line
utility is intended for near real-time responding (such as being triggered
from an IDS). The README explains it all. This utility is based on an idea
by Donald McLachlan [don@mainframe.dgrc.crc.ca] (thanks Don!). Despoof
runs on most Unix systems (tested on Linux, *BSDs), and requires libnet
1.0 and libpcap 0.4.

Updates to HackerShield - BindView's HackerShield security scanner has a
new RapidFire Update that includes the ability to check for all of the
issues associated with SANS Top Ten list. The new RapidFire Update
includes the same CGI checks as VLAD, making it one of the most
comprehensive commercial scanners available. HackerShield runs on NT, and
the RapidFire Updates are free for existing HackerShield users. However,
attendees of Black Hat can pick up a free copy (30 day license, ask the
BindView people at BH for details) of HackerShield, and get the RapidFire
Updates to help secure thier systems.

VLAD the Scanner and Despoof:
http://razor.bindview.com/tools/

HackerShield:
http://www.bindview.com/products/hackershield/index.html

See you at Black Hat and DefCon!

-         Simple Nomad          -     "No rest for the Wicca'd"     -
-      thegnome@nmrc.org        -                                   -
-  thegnome@razor.bindview.com  - www.nmrc.org   razor.bindview.com -