• Summary of strategy is to implement secure shell as a telnet and file transfer replacement; put TCPWrappers around all deamons; deception toolkit "fake" deamons around un-used ports so you can see hackers coming, install stealth scan detector, install patches/updates, try a variety of new tools over time so you keep up to date and possible install these over obsolescent software. Try out new types of scanning software and techniques on the network to see if it is vunerable. Links below to a lot of modern software and FAQs.

• Secure Shell (SSH) - Secure Telnet Replacement and file transfer - http://www.ssh.fi/sshprotocols2/index.html
• Rsync - Secure Mirroring and backup of filesystem over the network - http://rsync.samba.org
• DTK (Deception Toolkit) - http://www.all.net/dtk/

• Wietse Venema's TCP Wrapper - ftp://ftp.win.tue.nl/pub/security/ or the new site at ftp://ftp.porcupine.org/pub/security/index.html

• Do a man portmap and secure the portmapper services. Installing some of Wietse Venema's portmapper utilties is a good option (for at minimum, being able to restart the portmapper without having to reboot)
• STROBE (old - use NMAP and MNS) Super Optimised TCP port surveyor for UNIX - ftp://coast.cs.purdue.edu/pub/tools/unix/strobe/

• ISS for UNIX Port Probe (old - use NMAP and MNS) - ftp://coast.cs.purdue.edu/pub/tools/unix/iss/

• NMAP stealth probe to test the network - http://www.insecure.org/nmap/index.html
• MNS stealth/ack adviser probe to test the network - http://www.thegrid.net/gravitino/products.html

• Stealth Scan detectors if your system supports it (most of them are only Linux and Solaris complient at the moment):
  • tcplogd - http://www.kalug.lug.net/tcplogd/
  • abacus sentry/port sentry - http://www.psionic.com/abacus/portsentry/
• CPM for UNIX - Check for network Interfaces in Promiscous Mode - ftp://info.cert.org/pub/tools/

• TCPDUMP for UNIX - ftp://ftp.ee.lbl.gov/

• XGRAPH for UNIX (Binaries and source code - for use with TCPDUMP) - http://jean-luc.ncsa.uiuc.edu/Codes/xgraph/

• TCPDUMP packet sniffer for UNIX - ftp://ftp.ee.lbl.gov/

• Sniffit(advanced and easy to use packet sniffer) for UNIX - http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

• John the Ripper Password Cracker - http://www.false.com/security/john/

• lsof - List Open Files (and ports - not ported to IRIX 6.5.x) - ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/

• Saint Security Tester (don't use Satan, it is too old) - http://wwdsilx.wwdsi.com/saint/

• NESSUS Security Tester - http://www.nessus.org/

• Shadow (from SANS) - Intrusion Detection Software - http://www.nswc.navy.mil/ISSEC/CID/
• Argus Intrusion Detection Software - ftp://ftp.sei.cmu.edu/pub/argus/
• Network Flight Recorder (NFR) - http://www.nfr.net/products/demo.html
• Just in case - create a custom script or cron job to send your relevant SYSlog files regularly to another computer for safe keeping (have the date in the filenames so there is no overwriting)
• As a last resort option, install a tripwire system
  • Tripwire - http://www.cs.purdue.edu/coast/archive/Archive_Indexing.html
  • NCSfck for Linux - http://www.ncsn.za.net/soft/filechk.html
  • Mo - perl or ksh script - http://math.ucr.edu:8889/software/mo/
• Qmail - Free Sendmail Alternative - http://www.qmail.org

• ProFTPD - Free apache style, flexible FTPD Alternative Deception Toolkit - http://www.proftpd.org

• netstat -n | grep ESTABLISHED for Denial of Service type attacks

• rpcinfo -p - to look at processes that own port numbers.

• You can see the owner of a open port with (in this case on port 1023)
  • fuser -vn tcp 1023 or
  • lsof -i tcp:1023
• A Perl script from the apache newsgroup to use with TCPDUMP to see what files are being grabbed over the web - tdumpweb.pl

• Newsgroups:
  • comp.security.misc
  • cern.security.unix
  • comp.security.misc
  • comp.infosystems.www.servers.unix

Also Refer:

From: Vik Bajaj 
Newsgroups: sci.techniques.xtallography
Subject: Re: STX: Securing Crystallographic computers from electronic intruders/hackers?? - 
             Deception Toolkit (http://www.all.net/dtk/)??
Date: 11 Nov 1998 21:40:21 GMT
Organization: Science and Technology Wing
Xref: daresbury sci.techniques.xtallography:5136


Lachlan Cranswick  wrote:
> The program consists of both a TCP-Wrapper - and Perl scripts 
> that emulate fack buggy deamons/services on un-used ports.
> The strategy being to disable as many un-needed network services 
> as possible and put as many fake deamon scripts up as feasible.  
> (and the TCP Wrappers on used services).  (On a network, this
> would be installed on as many computers as possible).

This is a generally bad idea;  there are far better ways to do
intrusion detection!  Installing fake daemons may provide some limited
information, but it also opens up your system to a host of attacks.

A better solution is to secure your system and utilize a comprehensive
intrusion detection and management system.  At the network-level, this
implies control and logging of connections and connect attempt;  at
the host leve, it implies binary checksums and distributed system
event logging.  Crystallography labs are becoming well-known targets
for script hackers as of late.