NetXMS : A monitoring system with a modular architecture

NetXMS is a monitoring system with a modular architecture. It can be used for monitoring an entire IT infrastructure, starting with SNMP-capable hardware (like switches and routers) and ending with applications on servers. The system has a three-tier architecture; the information is collected by monitoring agents (either its own agents or SNMP agents) and delivered to the monitoring server for processing and storing, where it can be accessed by using the management console. It features centralized configuration and centralized agent upgrades.

• Licenses : GPL
• Operating Systems : POSIX, Windows, Windows CE
• Implementation : C++

FreeRADIUS : A high-performance, highly configurable, and feature-rich RADIUS server

FreeRADIUS is a high-performance, highly configurable, and feature-rich RADIUS server. Supported features include EAP (wireless authentication, PEAP, TTLS), MySQL, PostgreSQL, Oracle, LDAP, X9.9 token cards, VMPS, and many more. It comes with more than 50 vendor dictionaries, and interoperates with many others. It is the only open source RADIUS server that has implemented EAP, and it is currently deployed in multiple million-user systems.

• Licenses : GPL
• Operating Systems : POSIX, Windows, Cygwin, Unix
• Implementation : C

Likewise Open : joins Linux, Unix, & Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentiials

Likewise Open is an application that joins Linux, Unix, and Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentials. Features include: joining non-Windows systems to Active Directory domains in a single step from the command line or from a GUI; authenticating users with a single user name and password; enforcing the same password policies for all platforms; supporting multiple forests with one-way and two-way cross forest trusts; caching credentials in case your domain controller goes down; and providing single sign-on for SSH and Putty. It does not require Active Directory schema changes for installation.

• Licenses : GPL, GPLv2
• Operating Systems : Mac OS X, Windows, Unix

Mausezahn : A fast traffic generator which allows you to send nearly every possible and impossible packet

Mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. Mausezahn can be used, for example, as a traffic generator to stress multicast networks, for penetration testing of firewalls and IDS, for simulating DoS attacks on networks, to find bugs in network software or appliances, for reconnaissance attacks using ping sweeps and port scans, or to test network behavior under strange circumstances. Mausezahn gives you full control over the network interface card and allows you to send any byte stream you want (even violating Ethernet rules).

• Operating Systems : POSIX Linux
• Implementation : C

IPFire : A Linux firewall distribution that is built from source and comes with lots of additional features

IPFire is a Linux firewall distribution that is built from source and comes with lots of additional features. It is easy to set up and administer. It features a firewall with stateful inspection, a content filtering engine, traffic control (QoS), VPN technology, and a lot of logging.

• Licenses : GPLv3
• Operating Systems : POSIX, Linux

HAproxy : A high-performance and highly-robust TCP and HTTP load balancer

HAproxy is a high-performance and highly-robust TCP and HTTP load balancer which provides cookie-based persistence, content-based switching, advanced traffic regulation with surge protection, automatic failover, run-time regex-based header control, Web-based reporting, advanced logging to help trouble-shooting buggy applications and/or networks, and a few other features. Its own event-driven state machine achieves 20,000 hits per second and surpasses GigaEthernet on modern hardware, even with tens of thousands of simultaneous connections.

• Licenses : GPL
• Operating Systems : POSIX, Linux, BSD, OpenBSD, Solaris
• Implementation : C

RetroShare : A cross-platform private P2P sharing program

RetroShare is a cross-platform private P2P sharing program. It lets you share securely with your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides file sharing, chat, messages, and channels.

• Licenses : LGPL GPL
• Operating Systems : POSIX, Linux, Windows, mac
• Implementation : C++, Qt

sinfo : A monitoring tool that uses a broadcast scheme to distribute information on the status of each computer on your local network

sinfo is a monitoring tool that uses a broadcast scheme to distribute information on the status of each computer on your local network. It supports CPU, memory usage, network load, and information about the top 5 processes on each computer. sinfo uses ncurses to display the information in an attractive manner.

• Licenses : GPL
• Operating Systems : POSIX, Linux, Solaris, BSD, FreeBSD

NuFW is an authenticating firewal

NuFW is an authenticating firewall. It adds strict and secure identity-based filtering capabilities to enterprise-grade firewalls. It can also set quality of service on a per-user basis and log user activities into an SQL database. Furthermore, it can use multiple external authentication sources via PAM and be the key of a Single Sign On solution.

• Licenses : GPLv3
• Operating Systems : POSIX, Linux
• Implementation : C

The GNU Gatekeeper : A free H.323 gatekeeper based on the OpenH323 project

The GNU Gatekeeper is a free H.323 gatekeeper based on the OpenH323 project. You can use it to manage a Voice-over-IP network and let endpoints (e.g., Netmeeting) communicate through symbolic names. It also has an external interface for billing and other applications. It runs on a number of Unix versions (including Linux and Solaris) and Windows.

• Licenses : GPLv2
• Operating Systems : Mac OS X, POSIX, BSD, FreeBSD, Windows, Linux, Solaris
• Implementation : C++

RetroShare : A cross-platform private P2P sharing program

RetroShare is a cross-platform private P2P sharing program. It lets you share securely with your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication. RetroShare provides file sharing, chat, messages, and channels.

• Licenses : LGPL, GPL
• Operating Systems : POSIX, Linux, Windows, mac
• Implementation : C++, Qt

Wireshark : A network protocol analyzer, or "packet sniffer", that lets you capture and interactively browse the contents of network frames

Wireshark (formerly Ethereal) is a network protocol analyzer, or "packet sniffer", that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality packet analyzer for Unix, and the most useful packet analyzer on any platform.

• Licenses : GPL
• Operating Systems : Mac OS X, Windows, POSIX
• Implementation : C

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

• Licenses : GPL
• Operating Systems : POSIX Linux BSD FreeBSD
• Implementation : C, C++

Vyatta : A Linux-based routing and security distribution

Vyatta is a Linux-based routing and security distribution. It is meant to deliver a flexible, affordable alternative to Cisco 1800 through 7200 series routers. Vyatta is also a great virtual router, virtual firewall, virtual security solution for VMware, Xen, XenServer, and KVM virtualization projects.

• Licenses : GPLv2
• Implementation : C, C++

Service Guardian aims to protect servers against various things such as resource exhaustion and connection floods

Service Guardian aims to protect servers against various things such as resource exhaustion and connection floods. It can measure the number of connections to servers' ports and, after a grace time period, compares and sees if the host is still in violation of the specified settings. If a host is in violation of the settings, it will be filtered out and dropped via netfilter/iptables.

• Licenses : GPLv3
• Operating Systems : POSIX, Linux
• Implementation : C

strongSwan : A complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It also fully supports the new IKEv2 protocol with Linux 2.6 kernels. It interoperates in both IKEv1 and IKEv2 mode with most other IPsec-based VPN products. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

• Licenses : GPL
• Operating Systems : POSIX, Linux
• Implementation : C

Sshguard monitors services through their logging activit

Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.

Licenses	BSD Revised
Operating Systems	POSIX
Implementation	C

Babel Router: A distance-vector routing protocol for IPv6 and IPv4

Babel Router is a distance-vector routing protocol for IPv6 and IPv4. It is designed to be robust and work efficiently on both wired networks and wireless mesh networks.

• Licenses MIT/X
• Operating Systems Mac OS X POSIX Linux
• Implementation C

HAproxy : A high-performance and highly-robust TCP and HTTP load balancer

HAproxy is a high-performance and highly-robust TCP and HTTP load balancer which provides cookie-based persistence, content-based switching, advanced traffic regulation with surge protection, automatic failover, run-time regex-based header control, Web-based reporting, advanced logging to help trouble-shooting buggy applications and/or networks, and a few other features. Its own event-driven state machine achieves 20,000 hits per second and surpasses GigaEthernet on modern hardware, even with tens of thousands of simultaneous connections.

• Licenses : GPL
• Operating Systems : POSIX, Linux, BSD, OpenBSD, Solaris
• Implementation : C

Likewise Open : Joins Linux, Unix, and Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentials

Likewise Open is an application that joins Linux, Unix, and Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentials. Features include: joining non-Windows systems to Active Directory domains in a single step from the command line or from a GUI; authenticating users with a single user name and password; enforcing the same password policies for all platforms; supporting multiple forests with one-way and two-way cross forest trusts; caching credentials in case your domain controller goes down; and providing single sign-on for SSH and Putty. It does not require Active Directory schema changes for installation.

• Licenses : GPL GPLv2
• Operating Systems : Mac OS X, Windows, Unix