I was trying to find an official, authoritative list of HTTP Status Codes but I kept finding lists that weren't authoritative or complete. So I searched and found my answer in the Apache HTTP Server source code. Once I had the exact HTTP Status Codes and resulting Error Documents sent by Apache, I researched deeper into HTTP Status Codes by reading as many related RFC's as I could find, and several other software source codes were explored. This is the most authoritative list I know of, if you can do better leave a comment and I'll update it. Another thing to keep in mind, the Status code number itself is what is used by software and hardware to make determinations, the phrase returned by the status code is for the human only and does not have any weight other than informing the user.. So "503 Service Unavailable", "503 Service Temporarily Unavailable", and "503 Get the heck outta here" are all completely valid.

Update March 9, 2009: A lot of sites on the web have updated their HTTP status code lists to include the HTTP Status codes listed on this page, including Wikipedia, IANA, W3C, and others, so rest assured this info is accurate and complete. If you'd like to see how to create custom error pages for all of these errors like mine /show-error-506 , then check out this detailed tutorial I just posted.

Contents

• List of All 57 HTTP Response Status Code
• Quick Start to triggering ErrorDocuments for each Status Code
• Automate the ErrorDocument Triggering
  • The htaccess Code
  • PHP script that gets and outputs the Headers/Content
• Headers and Content Returned
• Apache Source Code
  • httpd.h
  • http_protocol.c

57 APACHE HTTP STATUS RESPONSE CODES

Once I compiled the list of Apache recognized HTTP Status Codes, I was dying to see them all in action (i.e. the corresponding ErrorDocument). At first I thought I would have to create a php or perl script emulating each of the 57 HTTP Status Codes, a tedious undertaking I wasn't about to do. Instead I "asked Apache" by searching the Apache HTTP Documentation for ambiguity sending Status Codes and/or triggering ErrorDocuments with an Apache Directive.
While reading up on mod_alias and the Redirect directive I found:

Apache Docs

Syntax: Redirect [status] URL-path URL The status argument can be used to return other HTTP status codes. Other status codes can be returned by giving the numeric status code as the value of status. If the status is between 300 and 399, the URL argument must be present, otherwise it must be omitted.

100 Continue

ErrorDocument Continue | Sample 100 Continue
This means that the server has received the request headers, and that the client should proceed to send the request body (in case of a request which needs to be sent; for example, a POST request). If the request body is large, sending it to a server when a request has already been rejected based upon inappropriate headers is inefficient. To have a server check if the request could be accepted based on the requests headers alone, a client must send Expect: 100-continue as a header in its initial request (see RFC 2616 14.20 Expect header) and check if a 100 Continue status code is received in response before continuing (or receive 417 Expectation Failed and not continue).

101 Switching Protocols

ErrorDocument Switching Protocols | Sample 101 Switching Protocols
This means the requester has asked the server to switch protocols and the server is acknowledging that it will do so.[3]

102 Processing

ErrorDocument Processing | Sample 102 Processing
(WebDAV) - (RFC 2518 )

200 OK

ErrorDocument OK | Sample 200 OK
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.

201 Created

ErrorDocument Created | Sample 201 Created
The request has been fulfilled and resulted in a new resource being created.

202 Accepted

ErrorDocument Accepted | Sample 202 Accepted
The request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon, as it might be disallowed when processing actually takes place.

203 Non-Authoritative Information

ErrorDocument Non-Authoritative Information | Sample 203 Non-Authoritative Information
The server successfully processed the request, but is returning information that may be from another source.

204 No Content

ErrorDocument No Content | Sample 204 No Content
The server successfully processed the request, but is not returning any content.

205 Reset Content

ErrorDocument Reset Content | Sample 205 Reset Content
The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.

206 Partial Content

ErrorDocument Partial Content | Sample 206 Partial Content
The server is delivering only part of the resource due to a range header sent by the client. This is used by tools like wget to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams.

207 Multi-Status

ErrorDocument Multi-Status | Sample 207 Multi-Status
(WebDAV) - The message body that follows is an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.

226 IM Used

ErrorDocument IM Used | Sample 226 IM Used
The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. The actual current instance might not be available except by combining this response with other previous or future responses, as appropriate for the specific instance-manipulation(s).

300 Multiple Choices

ErrorDocument Multiple Choices | Sample 300 Multiple Choices
Indicates multiple options for the resource that the client may follow. It, for instance, could be used to present different format options for video, list files with different extensions, or word sense disambiguation.

301 Moved Permanently

ErrorDocument Moved Permanently | Sample 301 Moved Permanently
This and all future requests should be directed to the given URI.

302 Found

ErrorDocument Found | Sample 302 Found
This is the most popular redirect code[citation needed], but also an example of industrial practice contradicting the standard. HTTP/1.0 specification (RFC 1945 ) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented it as a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to disambiguate between the two behaviours. However, the majority of Web applications and frameworks still use the 302 status code as if it were the 303.

303 See Other

ErrorDocument See Other | Sample 303 See Other
The response to the request can be found under another URI using a GET method. When received in response to a PUT, it should be assumed that the server has received the data and the redirect should be issued with a separate GET message.

304 Not Modified

ErrorDocument Not Modified | Sample 304 Not Modified
Indicates the resource has not been modified since last requested. Typically, the HTTP client provides a header like the If-Modified-Since header to provide a time against which to compare. Utilizing this saves bandwidth and reprocessing on both the server and client, as only the header data must be sent and received in comparison to the entirety of the page being re-processed by the server, then resent using more bandwidth of the server and client.

305 Use Proxy

ErrorDocument Use Proxy | Sample 305 Use Proxy
Many HTTP clients (such as Mozilla[4] and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.

306 Switch Proxy

ErrorDocument Switch Proxy | Sample 306 Switch Proxy
No longer used.

307 Temporary Redirect

ErrorDocument Temporary Redirect | Sample 307 Temporary Redirect
In this occasion, the request should be repeated with another URI, but future requests can still use the original URI. In contrast to 303, the request method should not be changed when reissuing the original request. For instance, a POST request must be repeated using another POST request.

400 Bad Request

ErrorDocument Bad Request | Sample 400 Bad Request
The request contains bad syntax or cannot be fulfilled.

401 Unauthorized

ErrorDocument Unauthorized | Sample 401 Unauthorized
Similar to 403 Forbidden, but specifically for use when authentication is possible but has failed or not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.

402 Payment Required

ErrorDocument Payment Required | Sample 402 Payment Required
The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code has never been used.

403 Forbidden

ErrorDocument Forbidden | Sample 403 Forbidden
The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference.

404 Not Found

ErrorDocument Not Found | Sample 404 Not Found
The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.

405 Method Not Allowed

ErrorDocument Method Not Allowed | Sample 405 Method Not Allowed
A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource.

406 Not Acceptable

ErrorDocument Not Acceptable | Sample 406 Not Acceptable
The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request.

407 Proxy Authentication Required

ErrorDocument Proxy Authentication Required | Sample 407 Proxy Authentication Required
Required

408 Request Timeout

ErrorDocument Request Timeout | Sample 408 Request Timeout
The server timed out waiting for the request.

409 Conflict

ErrorDocument Conflict | Sample 409 Conflict
Indicates that the request could not be processed because of conflict in the request, such as an edit conflict.

410 Gone

ErrorDocument Gone | Sample 410 Gone
Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed; however, it is not necessary to return this code and a 404 Not Found can be issued instead. Upon receiving a 410 status code, the client should not request the resource again in the future. Clients such as search engines should remove the resource from their indexes.

411 Length Required

ErrorDocument Length Required | Sample 411 Length Required
The request did not specify the length of its content, which is required by the requested resource.

412 Precondition Failed

ErrorDocument Precondition Failed | Sample 412 Precondition Failed
The server does not meet one of the preconditions that the requester put on the request.

413 Request Entity Too Large

ErrorDocument Request Entity Too Large | Sample 413 Request Entity Too Large
The request is larger than the server is willing or able to process.

414 Request-URI Too Long

ErrorDocument Request-URI Too Long | Sample 414 Request-URI Too Long
The URI provided was too long for the server to process.

415 Unsupported Media Type

ErrorDocument Unsupported Media Type | Sample 415 Unsupported Media Type
The request did not specify any media types that the server or resource supports. For example the client specified that an image resource should be served as image/svg+xml, but the server cannot find a matching version of the image.

416 Requested Range Not Satisfiable

ErrorDocument Requested Range Not Satisfiable | Sample 416 Requested Range Not Satisfiable
The client has asked for a portion of the file, but the server cannot supply that portion (for example, if the client asked for a part of the file that lies beyond the end of the file).

417 Expectation Failed

ErrorDocument Expectation Failed | Sample 417 Expectation Failed
The server cannot meet the requirements of the Expect request-header field.

418 I'm a teapot

ErrorDocument I'm a teapot | Sample 418 I'm a teapot
The HTCPCP server is a teapot. The responding entity MAY be short and stout. Defined by the April Fools specification RFC 2324. See Hyper Text Coffee Pot Control Protocol for more information.

422 Unprocessable Entity

ErrorDocument Unprocessable Entity | Sample 422 Unprocessable Entity
(WebDAV) (RFC 4918 ) - The request was well-formed but was unable to be followed due to semantic errors.

423 Locked

ErrorDocument Locked | Sample 423 Locked
(WebDAV) (RFC 4918 ) - The resource that is being accessed is locked

424 Failed Dependency

ErrorDocument Failed Dependency | Sample 424 Failed Dependency
(WebDAV) (RFC 4918 ) - The request failed due to failure of a previous request (e.g. a PROPPATCH).

425 Unordered Collection

ErrorDocument Unordered Collection | Sample 425 Unordered Collection
Defined in drafts of WebDav Advanced Collections, but not present in "Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol" (RFC 3648).

426 Upgrade Required

ErrorDocument Upgrade Required | Sample 426 Upgrade Required
(RFC 2817 ) - The client should switch to TLS/1.0.

449 Retry With

ErrorDocument Retry With | Sample 449 Retry With
A Microsoft extension. The request should be retried after doing the appropriate action.

500 Internal Server Error

ErrorDocument Internal Server Error | Sample 500 Internal Server Error
A generic error message, given when no more specific message is suitable.

501 Not Implemented

ErrorDocument Not Implemented | Sample 501 Not Implemented
The server either does not recognise the request method, or it lacks the ability to fulfil the request.

502 Bad Gateway

ErrorDocument Bad Gateway | Sample 502 Bad Gateway
The server was acting as a gateway or proxy and received an invalid response from the upstream server.

503 Service Unavailable

ErrorDocument Service Unavailable | Sample 503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.

504 Gateway Timeout

ErrorDocument Gateway Timeout | Sample 504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely request from the upstream server.

505 HTTP Version Not Supported

ErrorDocument HTTP Version Not Supported | Sample 505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request.

506 Variant Also Negotiates

ErrorDocument Variant Also Negotiates | Sample 506 Variant Also Negotiates
(RFC 2295 ) - Transparent content negotiation for the request, results in a circular reference.

507 Insufficient Storage

ErrorDocument Insufficient Storage | Sample 507 Insufficient Storage
(WebDAV) (RFC 4918 )

509 Bandwidth Limit Exceeded

ErrorDocument Bandwidth Limit Exceeded | Sample 509 Bandwidth Limit Exceeded
(Apache bw/limited extension) - This status code, while used by many servers, is not specified in any RFCs.

510 Not Extended

ErrorDocument Not Extended | Sample 510 Not Extended
(RFC 2774 ) - Further extensions to the request are required for the server to fulfil it.

1xx Info / Informational

HTTP_INFO - Request received, continuing process. Indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an empty line.

• 100 Continue - HTTP_CONTINUE
• 101 Switching Protocols - HTTP_SWITCHING_PROTOCOLS
• 102 Processing - HTTP_PROCESSING

2xx Success / OK

HTTP_SUCCESS - The action was successfully received, understood, and accepted. Indicates that the client's request was successfully received, understood, and accepted.

• 200 OK - HTTP_OK
• 201 Created - HTTP_CREATED
• 202 Accepted - HTTP_ACCEPTED
• 203 Non-Authoritative Information - HTTP_NON_AUTHORITATIVE
• 204 No Content - HTTP_NO_CONTENT
• 205 Reset Content - HTTP_RESET_CONTENT
• 206 Partial Content - HTTP_PARTIAL_CONTENT
• 207 Multi-Status - HTTP_MULTI_STATUS

3xx Redirect

HTTP_REDIRECT - The client must take additional action to complete the request. Indicates that further action needs to be taken by the user-agent in order to fulfill the request. The action required may be carried out by the user agent without interaction with the user if and only if the method used in the second request is GET or HEAD. A user agent should not automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop.

• 300 Multiple Choices - HTTP_MULTIPLE_CHOICES
• 301 Moved Permanently - HTTP_MOVED_PERMANENTLY
• 302 Found - HTTP_MOVED_TEMPORARILY
• 303 See Other - HTTP_SEE_OTHER
• 304 Not Modified - HTTP_NOT_MODIFIED
• 305 Use Proxy - HTTP_USE_PROXY
• 306 unused - UNUSED
• 307 Temporary Redirect - HTTP_TEMPORARY_REDIRECT

4xx Client Error

HTTP_CLIENT_ERROR - The request contains bad syntax or cannot be fulfilled. Indicates case where client seems to have erred. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition.

• 400 Bad Request - HTTP_BAD_REQUEST
• 401 Authorization Required - HTTP_UNAUTHORIZED
• 402 Payment Required - HTTP_PAYMENT_REQUIRED
• 403 Forbidden - HTTP_FORBIDDEN
• 404 Not Found - HTTP_NOT_FOUND
• 405 Method Not Allowed - HTTP_METHOD_NOT_ALLOWED
• 406 Not Acceptable - HTTP_NOT_ACCEPTABLE
• 407 Proxy Authentication Required - HTTP_PROXY_AUTHENTICATION_REQUIRED
• 408 Request Time-out - HTTP_REQUEST_TIME_OUT
• 409 Conflict - HTTP_CONFLICT
• 410 Gone - HTTP_GONE
• 411 Length Required - HTTP_LENGTH_REQUIRED
• 412 Precondition Failed - HTTP_PRECONDITION_FAILED
• 413 Request Entity Too Large - HTTP_REQUEST_ENTITY_TOO_LARGE
• 414 Request-URI Too Large - HTTP_REQUEST_URI_TOO_LARGE
• 415 Unsupported Media Type - HTTP_UNSUPPORTED_MEDIA_TYPE
• 416 Requested Range Not Satisfiable - HTTP_RANGE_NOT_SATISFIABLE
• 417 Expectation Failed - HTTP_EXPECTATION_FAILED
• 418 I'm a teapot - UNUSED
• 419 unused - UNUSED
• 420 unused - UNUSED
• 421 unused - UNUSED
• 422 Unprocessable Entity - HTTP_UNPROCESSABLE_ENTITY
• 423 Locked - HTTP_LOCKED
• 424 Failed Dependency - HTTP_FAILED_DEPENDENCY
• 425 No code - HTTP_NO_CODE
• 426 Upgrade Required - HTTP_UPGRADE_REQUIRED

5xx Server Error

HTTP_SERVER_ERROR - The server failed to fulfill an apparently valid request. Indicate cases in which the server is aware that it has erred or is incapable of performing the request. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. User agents should display any included entity to the user. These response codes are applicable to any request method.

• 500 Internal Server Error - HTTP_INTERNAL_SERVER_ERROR
• 501 Method Not Implemented - HTTP_NOT_IMPLEMENTED
• 502 Bad Gateway - HTTP_BAD_GATEWAY
• 503 Service Temporarily Unavailable - HTTP_SERVICE_UNAVAILABLE
• 504 Gateway Time-out - HTTP_GATEWAY_TIME_OUT
• 505 HTTP Version Not Supported - HTTP_VERSION_NOT_SUPPORTED
• 506 Variant Also Negotiates - HTTP_VARIANT_ALSO_VARIES
• 507 Insufficient Storage - HTTP_INSUFFICIENT_STORAGE
• 508 unused - UNUSED
• 509 unused - UNUSED
• 510 Not Extended - HTTP_NOT_EXTENDED

Quick Start to triggering ErrorDocuments for each Status Code

Let start with a quick and easy example. Add the following Redirect rules to your htaccess file, then open your browser and goto each url like yoursite.com/e/400. Don't create an /e/ directory or any files.

Redirect 400 /e/400
Redirect 503 /e/503
Redirect 405 /e/405

Automate the ErrorDocument Triggering

The htaccess Redirects

When a Status code is encountered, Apache outputs the Header and the ErrorDocument for that error code. So you can view any Header and the default ErrorDocument, by causing that numerical error code, which is caused by the Status Code.

For instance, if you request a file that doesn't exist, a 404 Not Found Header is issued and the corresponding ErrorDocument is served with the 404 Not Found Header.

Redirect 100 /e/100
Redirect 101 /e/101
Redirect 102 /e/102
Redirect 200 /e/200
Redirect 201 /e/201
Redirect 202 /e/202
Redirect 203 /e/203
Redirect 204 /e/204
Redirect 205 /e/205
Redirect 206 /e/206
Redirect 207 /e/207
Redirect 300 /e/300 http://www.askapache.com/?s=300
Redirect 301 /e/301 http://www.askapache.com/?s=301
Redirect 302 /e/302 http://www.askapache.com/?s=302
Redirect 303 /e/303 http://www.askapache.com/?s=303
Redirect 304 /e/304 http://www.askapache.com/?s=304
Redirect 305 /e/305 http://www.askapache.com/?s=305
Redirect 306 /e/306 http://www.askapache.com/?s=306
Redirect 307 /e/307 http://www.askapache.com/?s=307
Redirect 400 /e/400
Redirect 401 /e/401
Redirect 402 /e/402
Redirect 403 /e/403
Redirect 404 /e/404
Redirect 405 /e/405
Redirect 406 /e/406
Redirect 407 /e/407
Redirect 408 /e/408
Redirect 409 /e/409
Redirect 410 /e/410
Redirect 411 /e/411
Redirect 412 /e/412
Redirect 413 /e/413
Redirect 414 /e/414
Redirect 415 /e/415
Redirect 416 /e/416
Redirect 417 /e/417
Redirect 418 /e/418
Redirect 419 /e/419
Redirect 420 /e/420
Redirect 421 /e/421
Redirect 422 /e/422
Redirect 423 /e/423
Redirect 424 /e/424
Redirect 425 /e/425
Redirect 426 /e/426
Redirect 500 /e/500
Redirect 501 /e/501
Redirect 502 /e/502
Redirect 503 /e/503
Redirect 504 /e/504
Redirect 505 /e/505
Redirect 506 /e/506
Redirect 507 /e/507
Redirect 508 /e/508
Redirect 509 /e/509
Redirect 510 /e/510

PHP script that gets and outputs the Headers/Content

Now all I have to do is add 57 Redirect Directives to my htaccess, and then request each of them 1 at a time from my browser to see the result, and use a packet sniffing program like WireShark to see the Headers. Uh, scratch that, that would take way too long!

Instead I hacked up a simple php script using cURL to automate sending GET Requests to each of the 57 Redirect URL-paths. A side benefit of using the php script is that it performs all 57 Requests concurrently and saves each Requests returned headers and content to an output buffer. After all 57 have been queried, the output buffer is flushed to the browser.

<?php
$SITENAME='http://www.askapache.com';
 
$CODES = array(array('100','101','102'),
array('200','201','202','203','204','205','206','207'),
array('300','301','302','303','304','305','306','307'),
array('400','401','402','403','404','405','406','407','408','409','410','411','412','413',
'414','415','416','417','418','419','420','421','422','423','424','425','426'),
array('500','501','502','503','504','505','506','507','508','509','510'));
 
$TMPSAVETO='/tmp/'.time().'.txt';
 
# if file exists then delete it
if(is_file($TMPSAVETO))unlink($TMPSAVETO);
 
foreach($CODES as $keyd => $res)
{
foreach($res as $key)
{
$ch = curl_init("$SITENAME/e/$key");
$fp = fopen ($TMPSAVETO, "a");
curl_setopt ($ch, CURLOPT_FILE, $fp);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_setopt ($ch, CURLOPT_HEADER ,1);
curl_exec ($ch);
curl_close ($ch);
fclose ($fp);
}
}
$OUT='';
ob_start();
header ("Content-Type: text/plain;");
readfile($TMPSAVETO);
$OUT=ob_get_clean();
echo $OUT;
unlink($TMPSAVETO);
exit;
?>

Headers and Content Returned

100 Continue

HTTP/1.1 100 Continue
<html>
<head>
<title>100 Continue</title>
</head>
<body>
<h1>Continue</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

101 Switching Protocols

HTTP/1.1 101 Switching Protocols<html>
<head>
<title>101 Switching Protocols</title>
</head>
<body>
<h1>Switching Protocols</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

102 Processing

HTTP/1.1 102 Processing
X-Pad: avoid browser bug<html>
<head>
<title>102 Processing</title>
</head>
<body>
<h1>Processing</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

200 OK

HTTP/1.1 200 OK
<html>
<head>
<title>200 OK</title>
</head>
<body>
<h1>OK</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

201 Created

HTTP/1.1 201 Created
<html>
<head>
<title>201 Created</title>
</head>
<body>
<h1>Created</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

202 Accepted

HTTP/1.1 202 Accepted
<html>
<head>
<title>202 Accepted</title>
</head>
<body>
<h1>Accepted</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

203 Non-Authoritative Information

HTTP/1.1 203 Non-Authoritative Information
<html>
<head>
<title>203 Non-Authoritative Information</title>
</head>
<body>
<h1>Non-Authoritative Information</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

204 No Content

HTTP/1.1 204 No Content
Content-Type: text/plain; charset=UTF-8

205 Reset Content

HTTP/1.1 205 Reset Content<html>
<head>
<title>205 Reset Content</title>
</head>
<body>
<h1>Reset Content</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

206 Partial Content

HTTP/1.1 206 Partial Content<html>
<head>
<title>206 Partial Content</title>
</head>
<body>
<h1>Partial Content</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

207 Multi-Status

HTTP/1.1 207 Multi-Status
X-Pad: avoid browser bug<html>
<head>
<title>207 Multi-Status</title>
</head>
<body>
<h1>Multi-Status</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

300 Multiple Choices

HTTP/1.1 300 Multiple Choices
Location: http://www.askapache.com/?s=300<html>
<head>
<title>300 Multiple Choices</title>
</head>
<body>
<h1>Multiple Choices</h1>
</body>
</html>

301 Moved Permanently

HTTP/1.1 301 Moved Permanently
Location: http://www.askapache.com/?s=301<html>
<head>
<title>301 Moved Permanently</title>
</head>
<body>
<h1>Moved Permanently</h1>
<p>The document has moved  <a href="http://www.askapache.com/?s=301">here</a> .</p>
</body>
</html>

302 Found

HTTP/1.1 302 Found
Location: http://www.askapache.com/?s=302<html>
<head>
<title>302 Found</title>
</head>
<body>
<h1>Found</h1>
<p>The document has moved  <a href="http://www.askapache.com/?s=302">here</a> .</p>
</body>
</html>

303 See Other

HTTP/1.1 303 See Other
Location: http://www.askapache.com/?s=303<html>
<head>
<title>303 See Other</title>
</head>
<body>
<h1>See Other</h1>
<p>The answer to your request is located  <a href="http://www.askapache.com/?s=303">here</a> .</p>
</body>
</html>

304 Not Modified

HTTP/1.1 304 Not Modified

305 Use Proxy

HTTP/1.1 305 Use Proxy
Location: http://www.askapache.com/?s=305<html>
<head>
<title>305 Use Proxy</title>
</head>
<body>
<h1>Use Proxy</h1>
<p>This resource is only accessible through the proxy
    http://www.askapache.com/?s=305<br />You will need to configure your client to use that proxy.</p>
</body>
</html>

306 unused

HTTP/1.1 306 unused
Location: http://www.askapache.com/?s=306<html>
<head>
<title>306 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

307 Temporary Redirect

HTTP/1.1 307 Temporary Redirect
Location: http://www.askapache.com/?s=307<html>
<head>
<title>307 Temporary Redirect</title>
</head>
<body>
<h1>Temporary Redirect</h1>
<p>The document has moved  <a href="http://www.askapache.com/?s=307">here</a> .</p>
</body>
</html>

400 Bad Request

HTTP/1.1 400 Bad Request
Connection: close<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.</p>
</body>
</html>

401 Authorization Required

HTTP/1.1 401 Authorization Required<html>
<head>
<title>401 Authorization Required</title>
</head>
<body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
    are authorized to access the document
    requested.  Either you supplied the wrong
    credentials (e.g., bad password), or your
    browser doesn't understand how to supply
    the credentials required.</p>
<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body>
</html>

402 Payment Required

HTTP/1.1 402 Payment Required<html>
<head>
<title>402 Payment Required</title>
</head>
<body>
<h1>Payment Required</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

403 Forbidden

HTTP/1.1 403 Forbidden<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<h1>Forbidden</h1>
<p>You don't have permission to access /e/403
    on this server.</p>
<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body>
</html>

404 Not Found

HTTP/1.1 404 Not Found<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL /e/404 was not found on this server.</p>
</body>
</html>

NOTE:
You will most definately want to check out and use the Google 404 Error Page if you run WordPress.

405 Method Not Allowed

HTTP/1.1 405 Method Not Allowed
Allow: TRACE
<html>
<head>
<title>405 Method Not Allowed</title>
</head>
<body>
<h1>Method Not Allowed</h1>
<p>The requested method GET is not allowed for the URL /e/405.</p>
</body>
</html>

406 Not Acceptable

HTTP/1.1 406 Not Acceptable
<html>
<head>
<title>406 Not Acceptable</title>
</head>
<body>
<h1>Not Acceptable</h1>
<p>An appropriate representation of the requested resource /e/406 could not be found on this server.</p>
</body>
</html>

407 Proxy Authentication Required

HTTP/1.1 407 Proxy Authentication Required<html>
<head>
<title>407 Proxy Authentication Required</title>
</head>
<body>
<h1>Proxy Authentication Required</h1>
<p>This server could not verify that you
    are authorized to access the document
    requested.  Either you supplied the wrong
    credentials (e.g., bad password), or your
    browser doesn't understand how to supply
    the credentials required.</p>
</body>
</html>

408 Request Time-out

HTTP/1.1 408 Request Time-out
Connection: close
<html>
<head>
<title>408 Request Time-out</title>
</head>
<body>
<h1>Request Time-out</h1>
<p>Server timeout waiting for the HTTP request from the client.</p>
</body>
</html>

409 Conflict

HTTP/1.1 409 Conflict
<html>
<head>
<title>409 Conflict</title>
</head>
<body>
<h1>Conflict</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

410 Gone

HTTP/1.1 410 Gone
<html>
<head>
<title>410 Gone</title>
</head>
<body>
<h1>Gone</h1>
<p>The requested resource<br />/e/410<br />is no longer available on this server and there is no forwarding address.
    Please remove all references to this resource.</p>
</body>
</html>

411 Length Required

HTTP/1.1 411 Length Required
Connection: close
<html>
<head>
<title>411 Length Required</title>
</head>
<body>
<h1>Length Required</h1>
<p>A request of the requested method GET requires a valid Content-length.</p>
</body>
</html>

412 Precondition Failed

HTTP/1.1 412 Precondition Failed
<html>
<head>
<title>412 Precondition Failed</title>
</head>
<body>
<h1>Precondition Failed</h1>
<p>The precondition on the request for the URL /e/412 evaluated to false.</p>
</body>
</html>

413 Request Entity Too Large

HTTP/1.1 413 Request Entity Too Large
Connection: close<html>
<head>
<title>413 Request Entity Too Large</title>
</head>
<body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/e/413<br />does not allow request data with GET requests, or the amount of data provided in
the request exceeds the capacity limit.
</body>
</html>

414 Request-URI Too Large

HTTP/1.1 414 Request-URI Too Large
Connection: close<html>
<head>
<title>414 Request-URI Too Large</title>
</head>
<body>
<h1>Request-URI Too Large</h1>
<p>The requested URL's length exceeds the capacity
    limit for this server.</p>
</body>
</html>

415 Unsupported Media Type

HTTP/1.1 415 Unsupported Media Type<html>
<head>
<title>415 Unsupported Media Type</title>
</head>
<body>
<h1>Unsupported Media Type</h1>
<p>The supplied request data is not in a format
    acceptable for processing by this resource.</p>
</body>
</html>

416 Requested Range Not Satisfiable

HTTP/1.1 416 Requested Range Not Satisfiable

417 Expectation Failed

HTTP/1.1 417 Expectation Failed<html>
<head>
<title>417 Expectation Failed</title>
</head>
<body>
<h1>Expectation Failed</h1>
<p>The expectation given in the Expect request-header
    field could not be met by this server.</p>
<p>The client sent<pre>
    Expect: </p>
</body>
</html>

418 I'm a teapot

HTTP/1.1 418 I'm a teapot<html>
<head>
<title>418 I'm a teapot</title>
</head>
<body>
<h1>I'm a teapot</h1>
<p>Unfortunately this coffee machine is out of coffee.</p>
</body>
</html>

419 unused

HTTP/1.1 419 unused<html>
<head>
<title>419 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

420 unused

HTTP/1.1 420 unused<html>
<head>
<title>420 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

421 unused

HTTP/1.1 421 unused<html>
<head>
<title>421 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

422 Unprocessable Entity

HTTP/1.1 422 Unprocessable Entity<html>
<head>
<title>422 Unprocessable Entity</title>
</head>
<body>
<h1>Unprocessable Entity</h1>
<p>The server understands the media type of the
    request entity, but was unable to process the
    contained instructions.</p>
</body>
</html>

423 Locked

HTTP/1.1 423 Locked<html>
<head>
<title>423 Locked</title>
</head>
<body>
<h1>Locked</h1>
<p>The requested resource is currently locked.
    The lock must be released or proper identification
    given before the method can be applied.</p>
</body>
</html>

424 Failed Dependency

HTTP/1.1 424 Failed Dependency<html>
<head>
<title>424 Failed Dependency</title>
</head>
<body>
<h1>Failed Dependency</h1>
<p>The method could not be performed on the resource
    because the requested action depended on another
    action and that other action failed.</p>
</body>
</html>

425 No code

HTTP/1.1 425 No code<html>
<head>
<title>425 No code</title>
</head>
<body>
<h1>No code</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

426 Upgrade Required

HTTP/1.1 426 Upgrade Required<html>
<head>
<title>426 Upgrade Required</title>
</head>
<body>
<h1>Upgrade Required</h1>
<p>The requested resource can only be retrieved
    using SSL.  The server is willing to upgrade the current
    connection to SSL, but your client doesn't support it.
    Either upgrade your client, or try requesting the page
    using https:// </p>
</body>
</html>

500 Internal Server Error

HTTP/1.1 500 Internal Server Error
Connection: close<html>
<head>
<title>500 Internal Server Error</title>
</head>
<body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body>
</html>

501 Method Not Implemented

HTTP/1.1 501 Method Not Implemented
Allow: TRACE
Connection: close<html>
<head>
<title>501 Method Not Implemented</title>
</head>
<body>
<h1>Method Not Implemented</h1>
<p>GET to /e/501 not supported.</p>
</body>
</html>

502 Bad Gateway

HTTP/1.1 502 Bad Gateway
X-Pad: avoid browser bug<html>
<head>
<title>502 Bad Gateway</title>
</head>
<body>
<h1>Bad Gateway</h1>
<p>The proxy server received an invalid
    response from an upstream server.</p>
</body>
</html>

503 Service Temporarily Unavailable

HTTP/1.1 503 Service Temporarily Unavailable
Connection: close<html>
<head>
<title>503 Service Temporarily Unavailable</title>
</head>
<body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily unable to service your
    request due to maintenance downtime or capacity
    problems. Please try again later.</p>
</body>
</html>

504 Gateway Time-out

HTTP/1.1 504 Gateway Time-out<html>
<head>
<title>504 Gateway Time-out</title>
</head>
<body>
<h1>Gateway Time-out</h1>
<p>The proxy server did not receive a timely response
    from the upstream server.</p>
</body>
</html>

505 HTTP Version Not Supported

HTTP/1.1 505 HTTP Version Not Supported<html>
<head>
<title>505 HTTP Version Not Supported</title>
</head>
<body>
<h1>HTTP Version Not Supported</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

506 Variant Also Negotiates

HTTP/1.1 506 Variant Also Negotiates<html>
<head>
<title>506 Variant Also Negotiates</title>
</head>
<body>
<h1>Variant Also Negotiates</h1>
<p>A variant for the requested resource
    <pre>
    /e/506
    </pre>
    is itself a negotiable resource. This indicates a configuration error.</p>
</body>
</html>

507 Insufficient Storage

HTTP/1.1 507 Insufficient Storage<html>
<head>
<title>507 Insufficient Storage</title>
</head>
<body>
<h1>Insufficient Storage</h1>
<p>The method could not be performed on the resource
    because the server is unable to store the
    representation needed to successfully complete the
    request.  There is insufficient free space left in
    your storage allocation.</p>
</body>
</html>

508 unused

HTTP/1.1 508 unused<html>
<head>
<title>508 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

509 unused

HTTP/1.1 509 unused
<html>
<head>
<title>509 unused</title>
</head>
<body>
<h1>unused</h1>
<p>The server encountered an internal error or misconfigurationand was unable to complete your request.</p>
<p>Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p>
<p>More information about this error may be available in the server error log.</p>
</body>
</html>

510 Not Extended

HTTP/1.1 510 Not Extended
X-Pad: avoid browser bug
<html>
<head>
<title>510 Not Extended</title>
</head>
<body>
<h1>Not Extended</h1>
<p>A mandatory extension policy in the request is not
    accepted by the server for this resource.</p>
</body>
</html>

Apache Source Code

httpd.h

From httpd.h

/**
* The size of the static array in http_protocol.c for storing
* all of the potential response status-lines (a sparse table).
* A future version should dynamically generate the apr_table_t at startup.
*/
#define RESPONSE_CODES 57
#define HTTP_CONTINUE            100
#define HTTP_SWITCHING_PROTOCOLS       101
#define HTTP_PROCESSING          102
#define HTTP_OK              200
#define HTTP_CREATED             201
#define HTTP_ACCEPTED            202
#define HTTP_NON_AUTHORITATIVE       203
#define HTTP_NO_CONTENT          204
#define HTTP_RESET_CONTENT         205
#define HTTP_PARTIAL_CONTENT         206
#define HTTP_MULTI_STATUS          207
#define HTTP_MULTIPLE_CHOICES        300
#define HTTP_MOVED_PERMANENTLY       301
 
#define HTTP_MOVED_TEMPORARILY       302
#define HTTP_SEE_OTHER           303
#define HTTP_NOT_MODIFIED          304
#define HTTP_USE_PROXY           305
#define HTTP_TEMPORARY_REDIRECT      307
#define HTTP_BAD_REQUEST           400
#define HTTP_UNAUTHORIZED          401
#define HTTP_PAYMENT_REQUIRED        402
#define HTTP_FORBIDDEN           403
#define HTTP_NOT_FOUND           404
#define HTTP_METHOD_NOT_ALLOWED      405
#define HTTP_NOT_ACCEPTABLE        406
#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
#define HTTP_REQUEST_TIME_OUT        408
#define HTTP_CONFLICT            409
#define HTTP_GONE              410
#define HTTP_LENGTH_REQUIRED         411
#define HTTP_PRECONDITION_FAILED       412
#define HTTP_REQUEST_ENTITY_TOO_LARGE    413
#define HTTP_REQUEST_URI_TOO_LARGE     414
#define HTTP_UNSUPPORTED_MEDIA_TYPE    415
#define HTTP_RANGE_NOT_SATISFIABLE     416
#define HTTP_EXPECTATION_FAILED      417
#define HTTP_UNPROCESSABLE_ENTITY      422
#define HTTP_LOCKED            423
#define HTTP_FAILED_DEPENDENCY       424
#define HTTP_UPGRADE_REQUIRED        426
#define HTTP_INTERNAL_SERVER_ERROR     500
#define HTTP_NOT_IMPLEMENTED         501
#define HTTP_BAD_GATEWAY           502
#define HTTP_SERVICE_UNAVAILABLE       503
#define HTTP_GATEWAY_TIME_OUT        504
#define HTTP_VERSION_NOT_SUPPORTED     505
#define HTTP_VARIANT_ALSO_VARIES       506
#define HTTP_INSUFFICIENT_STORAGE      507
#define HTTP_NOT_EXTENDED          510
 
/** is the status code informational */
#define ap_is_HTTP_INFO(x)     (((x) >= 100)&&((x) < 200))
/** is the status code OK ?*/
#define ap_is_HTTP_SUCCESS(x)    (((x) >= 200)&&((x) < 300))
/** is the status code a redirect */
#define ap_is_HTTP_REDIRECT(x)   (((x) >= 300)&&((x) < 400))
/** is the status code a error (client or server) */
#define ap_is_HTTP_ERROR(x)    (((x) >= 400)&&((x) < 600))
/** is the status code a client error  */
#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
/** is the status code a server error  */
#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
/** is the status code a (potentially) valid response code?  */
#define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))
 
/** should the status code drop the connection */
#define ap_status_drops_connection(x) \
(((x) == HTTP_BAD_REQUEST)       || \
((x) == HTTP_REQUEST_TIME_OUT)    || \
((x) == HTTP_LENGTH_REQUIRED)     || \
((x) == HTTP_REQUEST_ENTITY_TOO_LARGE) || \
((x) == HTTP_REQUEST_URI_TOO_LARGE) || \
((x) == HTTP_INTERNAL_SERVER_ERROR) || \
((x) == HTTP_SERVICE_UNAVAILABLE) || \
((x) == HTTP_NOT_IMPLEMENTED))

HTTP_INFO

Is the status code (x) informational?

x >= 100 && x < 200

HTTP_SUCCESS

Is the status code (x) OK?

x >= 200 && x < 300

HTTP_REDIRECT

Is the status code (x) a redirect?

x >= 300 && x < 400

HTTP_ERROR

Is the status code (x) a error (client or server)?

x >= 400 && x < 600

HTTP_CLIENT_ERROR

Is the status code (x) a client error?

x >= 400 && x < 500

HTTP_SERVER_ERROR

Is the status code (x) a server error?

x >= 500 && x < 600

HTTP_VALID_RESPONSE

Is the status code (x) a (potentially) valid response code?

x >= 100 && x < 600

http_protocol.c

From http_protocol.c

static const char * status_lines[RESPONSE_CODES] =
static const char * const status_lines[RESPONSE_CODES] =
"100 Continue",
"101 Switching Protocols",
"102 Processing",
"200 OK",
"201 Created",
"202 Accepted",
"203 Non-Authoritative Information",
"204 No Content",
"205 Reset Content",
"206 Partial Content",
"207 Multi-Status",
"300 Multiple Choices",
"301 Moved Permanently",
"302 Found",
"303 See Other",
"304 Not Modified",
"305 Use Proxy",
"306 unused",
"307 Temporary Redirect",
"400 Bad Request",
"401 Authorization Required",
"402 Payment Required",
"403 Forbidden",
"404 Not Found",
"405 Method Not Allowed",
"406 Not Acceptable",
"407 Proxy Authentication Required",
"408 Request Time-out",
"409 Conflict",
"410 Gone",
"411 Length Required",
"412 Precondition Failed",
"413 Request Entity Too Large",
"414 Request-URI Too Large",
"415 Unsupported Media Type",
"416 Requested Range Not Satisfiable",
"417 Expectation Failed",
"418 unused",
"419 unused",
"420 unused",
"421 unused",
"422 Unprocessable Entity",
"423 Locked",
"424 Failed Dependency",
"425 No code",
"426 Upgrade Required",
"500 Internal Server Error",
"501 Method Not Implemented",
"502 Bad Gateway",
"503 Service Temporarily Unavailable",
"504 Gateway Time-out",
"505 HTTP Version Not Supported",
"506 Variant Also Negotiates",
"507 Insufficient Storage",
"508 unused",
"509 unused",
"510 Not Extended"

IANA HTTP Status Code Registry

WordPress 2.8 Changes

I just learned that my modification to the WordPress core was accepted and will be implemented for version 2.8! This may mean WordPress is the only 100% HTTP/1.1 compliant software on the net! Below is the new list (I thought someone out there could use the php array) and as you can see, unfortunately418 I'm a teapotdidn't make it ;)

$wp_header_to_desc = array(
  100 => 'Continue',
  101 => 'Switching Protocols',
  102 => 'Processing',
 
  200 => 'OK',
  201 => 'Created',
  202 => 'Accepted',
  203 => 'Non-Authoritative Information',
  204 => 'No Content',
  205 => 'Reset Content',
  206 => 'Partial Content',
  207 => 'Multi-Status',
  226 => 'IM Used',
 
  300 => 'Multiple Choices',
  301 => 'Moved Permanently',
  302 => 'Found',
  303 => 'See Other',
  304 => 'Not Modified',
  305 => 'Use Proxy',
  306 => 'Reserved',
  307 => 'Temporary Redirect',
 
  400 => 'Bad Request',
  401 => 'Unauthorized',
  402 => 'Payment Required',
  403 => 'Forbidden',
  404 => 'Not Found',
  405 => 'Method Not Allowed',
  406 => 'Not Acceptable',
  407 => 'Proxy Authentication Required',
  408 => 'Request Timeout',
  409 => 'Conflict',
  410 => 'Gone',
  411 => 'Length Required',
  412 => 'Precondition Failed',
  413 => 'Request Entity Too Large',
  414 => 'Request-URI Too Long',
  415 => 'Unsupported Media Type',
  416 => 'Requested Range Not Satisfiable',
  417 => 'Expectation Failed',
  422 => 'Unprocessable Entity',
  423 => 'Locked',
  424 => 'Failed Dependency',
  426 => 'Upgrade Required',
 
  500 => 'Internal Server Error',
  501 => 'Not Implemented',
  502 => 'Bad Gateway',
  503 => 'Service Unavailable',
  504 => 'Gateway Timeout',
  505 => 'HTTP Version Not Supported',
  506 => 'Variant Also Negotiates',
  507 => 'Insufficient Storage',
  510 => 'Not Extended'
);

RIPE WHOIS

All the status codes are standard HTTP codes ( http://www.iana.org/assignments/http-status-codes ).

Clients should avoid any form of coupling with the the text/plain error message contained in response body since it may change between different releases of the API and is only intended as a starting point for indentifying the real causes of the exception event.

The following table gives a brief description of the mapping between standard Whois V.3 responses and the related REST services status codes. Consider this table as just an example of the error mapping strategy, it may change with future releases.

Clients will have to define error messages generic enough to represent the four main error conditions, that are Bad Request, Forbidden, Not Found and Internal Server Error.

For example a possible mapping for client side error messages may be:

Helpful HTTP Links

1. IANA registry
2. Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)
3. Adobe Flash status code definitions (ie 408)
4. Microsoft Internet Information Server Status Codes and Sub-Codes
5. httplint
6. HTTP Headers, brief intro.
7. Common User-Agent Issues
8. [RFC2295] Holtman, K. and A.H. Mutz , " Transparent Content Negotiation in HTTP ", RFC 2295, March 1998.
9. [RFC2518] Goland, Y. , Whitehead, E. , Faizi, A. , Carter, S.R. , and D. Jensen , " HTTP Extensions for Distributed Authoring -- WEBDAV ", RFC 2518, February 1999.
10. [RFC2616] Fielding, R. , Gettys, J. , Mogul, J. , Frystyk, H. , Masinter, L. , Leach, P. , and T. Berners-Lee , " Hypertext Transfer Protocol -- HTTP/1.1 ", RFC 2616, June 1999.
11. [RFC2774] Nielsen, H. , Leach, P. , and S. Lawrence , " An HTTP Extension Framework ", RFC 2774, February 2000.
12. [RFC2817] Khare, R. and S. Lawrence, " Upgrading to TLS Within HTTP/1.1 ", RFC 2817, May 2000.
13. [RFC3229] Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A., Goland, Y., van Hoff, A., and D. Hellerstein, " Delta encoding in HTTP ", RFC 3229, January 2002.
14. [RFC4918] Dusseault, L., Ed. , " HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) ", RFC 4918, June 2007.

HTTP Status Codes and Htaccess ErrorDocuments originally appeared on AskApache.com

Mac Address Vendor Lookup originally appeared on AskApache.com

Advanced Web Development by AskApache is a Firefox Collection I created for myself to make finding and installing my favorite Firefox Add-ons simple and easy.

My Setup

As this screenshot shows, I only use a handful of add-ons at a time. These buttons allow me to clear the DNS/Cookies/Cache for whichever site I'm on when I click it. Very very helpful for me as a web designer. The 4th button there is just a restart button. Other than those, Firebug, YSlow, LastPass, and Web Developer are the only ones I always use regularly.

I like the idea of the last.fm but it's not as powerful as the site, which is awesome. Lately I've been listening to Kings of Leon Radio...

Slow Firefox

The more add-ons you have, disabled or not, the slower Firefox is. (unless you are running your profile folder in TMPFS). Also, bookmarks and settings like that have a performance hit. I have been using Firefox since it launched way back when, and I have always kept my bookmarks when moving to new machines and new installations.. So with over 5 thousand bookmarks I finally did some debugging and discovered that was a huge cause of Firefox acting slow. Now I am trying to migrate them all over to Google's Gmarks, which knowing Google will be awesome eventually.

Multiple Firefox Installations, Sorta

The solution to all these problems is to use separate Firefox profiles which use separate folders to store your profile-specific extensions and settings. So I have profiles with upwards of 40 Addons installed and enabled, and another profile that is built for speed... It's very very slow to be running Firebug and have multiple tabs open.. You can use the profilemanager to load them specific profiles from the command line. I personally use separate icons on my Windows Quick Launch that I just modified the shortcut pointing to firefox to also have the profile commandline. Note also that you can have multiple profiles open and running simultaneously.. This lets you do some crazy networking and other random hacks like having many Firefox instances running each of which is configured to use a separate SOCKS Proxy or network interface, so you can really open up those pipes for some intense txrx.

You can do some very powerful things with Firefox that most people are unaware of, if you are interested start with these:

• Setting up an extension development environment
• Firefox Command Line Options

About This Collection

Web Development Add-ons for Advanced Web Developers. I personally use these to work on Sites, Servers, WordPress, Javascript, PHP, CSS, XHTML, validation, page-loading, SEO, optimizing, and much more. Add this collection.

Created by:AskApache

Updated:September 22, 2009

Share this Collection

• Digg this!
• Post to Facebook
• Add to Delicious
• Post to MySpace
• Share on FriendFeed
• Post to Twitter

Firefox Add-ons for Web Developers originally appeared on AskApache.com

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

I've used just about every CMS/Blog/Forum/Trac/Gallery/etc) and really didn't like a lot of the way they coded... I could use php but I didn't KNOW php.. so I've had to learn php also, and it was tough to learn the advanced class usage and all the other language specific (but similar) constructs for php. It was especially difficult (but fun and challenging) to program so as to be compatible with php4 and php5 (Such is WordPress). But I kept at it, and soon you can decide for yourself what to make of it.

I can code in plenty of languages (bash, lua, windows .bat and vbs, ocaml, big fan of all things shell) and can work my way through C and even sorta somewhat with assembly. Assembly is the hardest, by far, I'm into easy and powerful languages like Python, Javascript, perl, php, ruby, and CGI. I've used PHP for a long time to do various things, but never to build software projects like this. Once I noticed WordPress's core .php files and the excellent programming I wanted to try and learn hot to do it. The WordPress code is some of the best I've seen. It appears the way they built it was planned, and not just dreamt up while typing that I can't help but do. Every time I read through the core code I learn a new trick or very nice way to do something. Those guys are really good, and I think WordPress is going to dominate for a long long time.

The Strategy

The Password Protection (passpro) plugin has a lot of complex stuff going on, especially for a newbie to PHP and WordPress like me, so after refactoring the whole thing at least 5 times I decided to modify my approach, and wrote the AskApache Google 404 Plugin as a way to practice on a simpler piece of code, while at the same time providing a plugin of value. Eventually I stopped thinking I could just code the whole thing in one sit-down with a stream-of-consciousness, and had to instead modularize the code and focus in on each part before moving to the next (I go without a plan because its fun, just not the most productive, but again, I'm not a programmer in the scientific sense.).

So I decided I had to really learn how WordPress Plugins work, filters, hooks, actions, and basically comfortability at reverse-engineering code, (Im a beginner for the last time), and so with the upcoming release of the AskApache Google 404 Plugin I have succeeded in making an incredibly stable plugin. That way I only have to worry about what the aapasspro plugin is doing, instead of trying to fit it into a framework.

AskApache Google 404 Upgrade

I think its rather unusual to develop a nice plugin like this 404 handler merely for the purpose of improving upon another plugin, but hey it worked. As of 08/03/2009 14:06PM EST I have about 1 hour left of finishing touches to release this upgrade. But as you cantell by my badly edited posts, I don't have a lot of time to myself. An hour here and there is about it. So it could be up to 2 weeks before I actually have the time to commit the release to the repo. On a sidenote, have you checked out Windows 7 News? I've been contracted to do some technical work for them and thought they had an excellent site.

But keep in mind, the 404 PLugin is just where I practice for the passpro plugin, which truly does have features that no other software like it has ever had. I understand the technology behind this plugin, and know it would really have a great impact on improving the Web (esp. WordPress) for all of us, I've just had to learn how to make it.

AskApache Password Protection

Probably still a couple weeks away, this plugin is the ultimate culmination of apache hackers dreams, at least those on shared servers (who may be interested in learning how to bypass security of said servers).. So this is something I have much too fun with doing what I like to do.. network/protocol-level security. I've examined the source code for many software packages that I use or have used to audit a server's security, and this simple php plugin in most instances can enumerate with accuraccy most of the server's setup in about a minute. The catch (and the file permission problems I had to find a workaround too) is that this software is launched on the server, not remotely against the server.

Some of the software I examined was whiskers, nessus, nmap, hping, mozilla source, wireshark, ncftp, netcat, etc.. The closest comparison to the socket-level class I've hacked together to those is wireshark. Except that wireshark only interprets (captures) the data passing over the wire, while this class does that and in fact sends and receives the data like netcat or nmap. Its really more similar to metasploit, and can easily be used to send hex, binary, ascii, or any type of payload to the remote or local host.

The Upgrades Begin

Well I started working on them a long time ago. Both the Password Protection plugin and the Google 404 plugin needed serious work. And I finally have it all figured out. Essentially I would work on one and finish an upgrade, but I just wasn't happy with it and I wold start all over again, refactoring the code. So as I put the finishing touches on those 2 plugins keep an eye out. They are major upgrades. I was able to meet all the goals I had for them, and came up with a lot of more improvements during the process.One of the main things I needed was a socket-level class to perform all kinds of checks and tests on. I need this also for my crazy cache plugin, which my blog is currently using , and I have a 2 more really nice pplugins I use that also needed access to a network class. I wrote about what I was doing with fsockopen, and I've been improving on that example ever since. I use this class to do some really powerful and exciting stuff, but you'll see it soon enough. As an indication of 'getting it right' for the Password Protection plugin, the plugin will now work on Windows, Apache, IIS, Lighthttpd, and will even work running on a blackberry web server. So now everyone using wordpress can at least get some security()

Many of the the other improvements focus on using the fsockopen class and .htaccess tricks to basically enumerate and discover all the different capabilities of your particular server; That way you can learn about all the features and security that are possible for your specific server, and the securty modules wi8ll be geared for that as well. FINALLY this plugin is going to be stable, and I just cant wait to see how people react when they learn all great capability their Apache-based Server has that they didn't have a clue about. Its amazing in that sense, and hackers will love theh way it works.. but your server admins will love it even more because its entirely 100% focused on helping you to set your site up (if you have Apache) to keep spammers out, to keep virii-serving robots and their log-hogging exploit requests and CPU/Mem robiing 404 errors off of your servers for real. This will have a noticeable affect to whoever is running the server. As you can tell.. I am pumped!

Apache can only be influenced by the main server configs and by .htaccess files. Not by php, not by perl, and the main configs are almost never accessible to the masses. But .htaccess files are. And many hosting providers allow and enable .htaccess files, a configuration file for your web server. The advanced features and capabilities of Apache were out of reach for most of us, it just wasn't possible to enumerate or access, and most hosting providers are infamous for their lack of .htaccess (customer) support. This plugin goes around those problems to give the power back to the people.

Here are a few examples of the capabilities of this plugin, some of which I believe no other software can do.. (Open source free to copy!).

1. Current Version of Apache (Down to the API Version)
2. List of ALL Modules currently enabled by Apache (Such as Mod_Rewrite)
3. List of ALL Directives enabled by EACH enabled Module.
4. Enumerate .htaccess Overrides, Context Permissions
5. Test for any builtin Handlers (like the status handler screenshot)
6. Configure SSI (http://www.askapache.com/htaccess/advanced-htaccess-ssi.html#htaccess-ssi-security)

March 1, 2009
I would focus on the method that WordPress uses. The code they have now (2.8 bleeding-edge) still isn't where it needs to be, but this is some difficult stuff and they have a brilliant start, it'll work.. just a question of when.

The main issue with the password protection plugin working for some people and not others is due to file permission configurations. The plugin attempts to write/modify files in your blog's root directory.

November 05, 2008
To make a long story short, I downloaded each major release of the apache httpd source code starting at version 1.3.0 and finishing with version 2.2.11, I then compiled each version and built a HTTPD from source for all these apache versions.

• 1.3.0
• 1.3.1
• 1.3.11
• 1.3.12
• 1.3.14
• 1.3.17
• 1.3.19
• 1.3.2
• 1.3.20
• 1.3.22
• 1.3.23
• 1.3.24
• 1.3.27
• 1.3.28

• 1.3.29
• 1.3.3
• 1.3.31
• 1.3.32
• 1.3.33
• 1.3.34
• 1.3.35
• 1.3.36
• 1.3.37
• 1.3.39
• 1.3.4
• 1.3.41
• 1.3.6
• 1.3.9

• 2.0.35
• 2.0.36
• 2.0.39
• 2.0.40
• 2.0.42
• 2.0.43
• 2.0.44
• 2.0.45
• 2.0.46
• 2.0.47
• 2.0.48
• 2.0.49
• 2.0.50
• 2.0.51

• 2.0.52
• 2.0.53
• 2.0.54
• 2.0.55
• 2.0.58
• 2.0.59
• 2.0.61
• 2.0.63
• 2.1.3-beta
• 2.1.6-alpha
• 2.1.7-beta
• 2.1.8-beta
• 2.1.9-beta

• 2.2.0
• 2.2.10
• 2.2.2
• 2.2.3
• 2.2.4
• 2.2.6
• 2.2.8
• 2.2.9
• 2.2.10
• 2.2.11

Then I went through each version and determined the compatible modules for that version, and I'm pretty confident that I was also able to find each and every directive allowed by the compatible modules for that version (including core directives). See .htaccess directive list. Basically I can now test a server using a variety of methods and determine almost 100% accurately what version of Apache (down to the API) is running, what modules (and versions) are enabled, and each and every directive that is allowed or disallowed for that version. So this is so awesome because now we can enable all sorts of additional security features.

Htaccess enabled Modules

Here are most of the modules that come with Apache. Each one can have new commands that can be used in .htaccess file scopes.

mod_actions, mod_alias, mod_asis, mod_auth_basic, mod_auth_digest, mod_authn_anon, mod_authn_dbd, mod_authn_dbm, mod_authn_default, mod_authn_file, mod_authz_dbm, mod_authz_default, mod_authz_groupfile, mod_authz_host, mod_authz_owner, mod_authz_user, mod_autoindex, mod_cache, mod_cern_meta, mod_cgi, mod_dav, mod_dav_fs, mod_dbd, mod_deflate, mod_dir, mod_disk_cache, mod_dumpio, mod_env, mod_expires, mod_ext_filter, mod_file_cache, mod_filter, mod_headers, mod_ident, mod_imagemap, mod_include, mod_info, mod_log_config, mod_log_forensic, mod_logio, mod_mem_cache, mod_mime, mod_mime_magic, mod_negotiation, mod_proxy, mod_proxy_ajp, mod_proxy_balancer, mod_proxy_connect, mod_proxy_ftp, mod_proxy_http, mod_rewrite, mod_setenvif, mod_speling, mod_ssl, mod_status, mod_substitute, mod_unique_id, mod_userdir, mod_usertrack, mod_version, mod_vhost_alias

Debugging HTTP protocol

Check this out! I'm particularly happy about this feature, which outputs an exact trace of any requests made by the plugin (such as during the testing phase) by saving the actual raw data sent out on the wire using fsockopen, RX and TX. This is useful for a number of reasons, viewing your headers, finding Redirect Loops, testing RewriteRules, and following the request hop-by-hop for debugging. The below example shows 2 requests for 2 URIs. The first URI is protected using Digest Authentication, the 2nd shows Basic.

 ______________
|  RAW TRACE   |
==================================================================================================================================
GET /htaccess/index.txt?testing=query HTTP/1.1
Host: www.askapache.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) AA_PassPro/1.9 (http://www.askapache.com/)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://www.askapache.com/
 
HTTP/1.1 401 Authorization Required
Date: Wed, 22 Jul 2009 06:29:58 GMT
Server: Apache
WWW-Authenticate: Digest realm="do or die", nonce="03328f3ec7c7b", algorithm=MD5, domain="/", qop="auth"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 882
Connection: close
Content-Type: text/html; charset=UTF-8
 
GET /htaccess/index.txt?testing=query HTTP/1.1
Host: www.askapache.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) AA_PassPro/1.9 (http://www.askapache.com/)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://www.askapache.com/
Authorization: Digest username="test",realm="do or die",nonce="03328f3ec7c7b",uri="/htaccess/index.txt?testing=query",
cnonce="82d057852a9dc497",nc=00000001,algorithm=MD5,response="9d476e9ea3",qop="auth"
 
HTTP/1.1 200 OK
Date: Wed, 22 Jul 2009 06:29:58 GMT
Server: Apache
Authentication-Info: rspauth="9051b01ee26dd62b3e2b40dada694f45", cnonce="82d057852a9dc497", nc=00000001, qop=auth
Last-Modified: Tue, 21 Jul 2009 23:56:00 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Wed, 22 Jul 2009 07:29:58 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8
```````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````
 
 ______________
|  RAW TRACE   |
==================================================================================================================================
GET /htaccess/po.txt?testing=query HTTP/1.1
Host: www.askapache.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) AA_PassPro/1.9 (http://www.askapache.com/)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://www.askapache.com/
 
HTTP/1.1 401 Authorization Required
Date: Wed, 22 Jul 2009 06:29:58 GMT
Server: Apache
WWW-Authenticate: Basic realm="Po Pimping"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 878
Connection: close
Content-Type: text/html; charset=UTF-8
 
GET /htaccess/po.txt?testing=query HTTP/1.1
Host: www.askapache.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1) AA_PassPro/1.9 (http://www.askapache.com/)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://www.askapache.com/
Authorization: Basic adfAGAltcA==
 
HTTP/1.1 200 OK
Date: Wed, 22 Jul 2009 06:29:58 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 05:54:39 GMT
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Wed, 22 Jul 2009 07:29:58 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8
```````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````

.htaccess Directives

AcceptFilter, AcceptMutex, AcceptPathInfo, AccessFileName, Action, AddAlt, AddAltByEncoding, AddAltByType, AddCharset, AddDefaultCharset, AddDescription, AddEncoding, AddHandler, AddIcon, AddIconByEncoding, AddIconByType, AddInputFilter, AddLanguage, AddModuleInfo, AddOutputFilter, AddOutputFilterByType, AddType, Alias, AliasMatch, AllowCONNECT, AllowEncodedSlashes, AllowOverride, Anonymous, Anonymous_Authoritative, Anonymous_LogEmail, Anonymous_MustGiveEmail, Anonymous_NoUserID, Anonymous_NoUserId, Anonymous_VerifyEmail, AssignUserId, AuthAuthoritative, AuthBasicAuthoritative, AuthBasicProvider, AuthDBDUserPWQuery, AuthDBDUserRealmQuery, AuthDBM, AuthDBMAuthoritative, AuthDBMGroupFile, AuthDBMType, AuthDBMUserFile, AuthDefaultAuthoritative, AuthDigestAlgorithm, AuthDigestDomain, AuthDigestFile, AuthDigestGroupFile, AuthDigestNcCheck, AuthDigestNonceFormat, AuthDigestNonceLifetime, AuthDigestProvider, AuthDigestQop, AuthDigestShmemSize, AuthGroupFile, AuthLDAPAuthzEnabled, AuthLDAPBindDN, AuthLDAPBindON, AuthLDAPBindPassword, AuthLDAPCharsetConfig, AuthLDAPCompareDNOnServer, AuthLDAPDereferenceAliases, AuthLDAPEnabled, AuthLDAPFrontPageHack, AuthLDAPGroupAttribute, AuthLDAPGroupAttributeIsDN, AuthLDAPRemoteUserAttribute, AuthLDAPRemoteUserIsDN, AuthLDAPStartTLS, AuthLDAPURL, AuthLDAPUrl, AuthName, AuthType, AuthUserFile, AuthzDBMAuthoritative, AuthzDBMType, AuthzDefaultAuthoritative, AuthzGroupFileAuthoritative, AuthzLDAPAuthoritative, AuthzOwnerAuthoritative, AuthzUserAuthoritative, BS2000Account, BalancerMember, BrowserMatch, BrowserMatchNoCase, BufferedLogs, CGIMapExtension, CacheDefaultExpire, CacheDirLength, CacheDirLevels, CacheDisable, CacheEnable, CacheExpiryCheck, CacheFile, CacheForceCompletion, CacheGcClean, CacheGcDaily, CacheGcInterval, CacheGcMemUsage, CacheGcUnused, CacheIgnoreCacheControl, CacheIgnoreHeaders, CacheIgnoreNoLastMod, CacheLastModifiedFactor, CacheMaxExpire, CacheMaxFileSize, CacheMaxStreamingBuffer, CacheMinFileSize, CacheNegotiatedDocs, CacheRoot, CacheSize, CacheStoreNoStore, CacheStorePrivate, CacheTimeMargin, CharsetDefault, CharsetOptions, CharsetSourceEnc, CheckCaseOnly, CheckSpelling, ChildPerUserId, ContentDigest, CookieDomain, CookieExpires, CookieLog, CookieName, CookieStyle, CookieTracking, CoreDumpDirectory, CustomLog, DAV, DAVDepthInfinity, DAVGenericLockDB, DAVMinTimeout, DBDExptime, DBDKeep, DBDMax, DBDMin, DBDParams, DBDPersist, DBDPrepareSQL, DBDriver, Dav, DavDepthInfinity, DavGenericLockDB, DavLockDB, DavMinTimeout, DefaultIcon, DefaultLanguage, DefaultType, DeflateBufferSize, DeflateCompressionLevel, DeflateFilterNote, DeflateMemLevel, DeflateWindowSize, Directory, DirectoryIndex, DirectoryMatch, DirectorySlash, DocumentRoot, DumpIOInput, DumpIOOutput, EnableExceptionHook, EnableMMAP, EnableSendfile, ErrorDocument, ErrorLog, Example, ExpiresActive, ExpiresByType, ExpiresDefault, ExtFilterDefine, ExtFilterOptions, ExtendedStatus, FancyIndexing, FileETag, Files, FilesMatch, FilterChain, FilterDeclare, FilterProtocol, FilterProvider, FilterTrace, ForceLanguagePriority, ForceType, ForensicLog, GprofDir, GracefulShutdownTimeout, Group, Header, HeaderName, HostNameLookups, HostnameLookups, ISAIPFakeAsync, ISAPIAppendLogToErrors, ISAPIAppendLogToQuery, ISAPICacheFile, ISAPIFakeAsync, ISAPILogNotSupported, ISAPIReadAheadBuffer, IdentityCheck, IdentityCheckTimeout, IfDefine, IfModule, IfVersion, ImapBase, ImapDefault, ImapMenu, Include, IndexIgnore, IndexOptions, IndexOrderDefault, IndexStyleSheet, KeepAlive, KeepAliveTimeout, LDAPCacheEntries, LDAPCacheTTL, LDAPCertDBPath, LDAPConnectionTimeout, LDAPOpCacheEntries, LDAPOpCacheTTL, LDAPSharedCacheFile, LDAPSharedCacheSize, LDAPTrustedClientCert, LDAPTrustedGlobalCert, LDAPTrustedMode, LDAPVerifyServerCert, LanguagePriority, Limit, LimitExcept, LimitInternalRecursion, LimitRequestBody, LimitRequestFields, LimitRequestFieldsize, LimitRequestLine, LimitXMLRequestBody, Listen, ListenBacklog, LoadFile, LoadModule, Location, LocationMatch, LockFile, LogFormat, LogLevel, MCacheMaxObjectCount, MCacheMaxObjectSize, MCacheMaxStreamingBuffer, MCacheMinObjectSize, MCacheRemovalAlgorithm, MCacheSize, MMapFile, MaxClients, MaxKeepAliveRequests, MaxMemFree, MaxRequestsPerChild, MaxSpareServers, MaxSpareThreads, MaxSpareThreadsPerChild, MaxThreads, MetaDir, MetaFiles, MetaSuffix, MimeMagicFile, MinSpareServers, MinSpareThreads, ModMimeUsePathInfo, MultiviewsMatch, NWSSLTrustedCerts, NWSSLUpgradeable, NameVirtualHost, NoProxy, NumServers, Options, PassEnv, PerlAccessHandler, PerlAuthenHandler, PerlAuthzHandler, PerlChildExitHandler, PerlChildInitHandler, PerlCleanupHandler, PerlDispatchHandler, PerlFixupHandler, PerlFreshRestart, PerlHandler, PerlHeaderParserHandler, PerlInitHandler, PerlLogHandler, PerlModule, PerlPassEnv, PerlPostReadRequestHandler, PerlRequire, PerlRestartHandler, PerlSendHeader, PerlSetEnv, PerlSetVar, PerlSetupEnv, PerlTaintCheck, PerlTransHandler, PerlTypeHandler, PerlWarn, PidFile, Port, Protocol, ProtocolEcho, Proxy, ProxyBadHeader, ProxyBlock, ProxyDomain, ProxyErrorOverride, ProxyFtpDirCharset, ProxyIOBufferSize, ProxyMatch, ProxyMaxForwards, ProxyPass, ProxyPassInterpolateEnv, ProxyPassMatch, ProxyPassReverse, ProxyPassReverseCookieDomain, ProxyPassReverseCookiePath, ProxyPreserveHost, ProxyReceiveBufferSize, ProxyRemote, ProxyRemoteMatch, ProxyRequests, ProxySet, ProxyStatus, ProxyTimeout, ProxyVia, RLimitCPU, RLimitMEM, RLimitNPROC, ReadmeName, Redirect, RedirectMatch, RedirectPermanent, RedirectTemp, RemoveCharset, RemoveEncoding, RemoveHandler, RemoveInputFilter, RemoveLanguage, RemoveOutputFilter, RemoveType, RequestHeader, Require, RewriteBase, RewriteCond, RewriteEngine, RewriteLock, RewriteLog, RewriteLogLevel, RewriteMap, RewriteOptions, RewriteRule, SSIAccessEnable, SSIEndTag, SSIErrorMsg, SSIStartTag, SSITimeFormat, SSIUndefinedEcho, SSLCACertificateFile, SSLCACertificatePath, SSLCADNRequestFile, SSLCADNRequestPath, SSLCARevocationFile, SSLCARevocationPath, SSLCertificateChainFile, SSLCertificateFile, SSLCertificateKeyFile, SSLCipherSuite, SSLCryptoDevice, SSLEngine, SSLHonorCipherOrder, SSLLog, SSLLogLevel, SSLMutex, SSLOptions, SSLPassPhraseDialog, SSLProtocol, SSLProxyCACertificateFile, SSLProxyCACertificatePath, SSLProxyCARevocationFile, SSLProxyCARevocationPath, SSLProxyCipherSuite, SSLProxyEngine, SSLProxyMachineCertificateFile, SSLProxyMachineCertificatePath, SSLProxyProtocol, SSLProxyVerify, SSLProxyVerifyDepth, SSLRandomSeed, SSLRequire, SSLRequireSSL, SSLSessionCache, SSLSessionCacheTimeout, SSLUserName, SSLVerifyClient, SSLVerifyDepth, Satisfy, ScoreBoardFile, Script, ScriptAlias, ScriptAliasMatch, ScriptInterpreterSource, ScriptLog, ScriptLogBuffer, ScriptLogLength, ScriptStock, SecureListen, SendBufferSize, ServerAdmin, ServerAlias, ServerLimit, ServerName, ServerPath, ServerRoot, ServerSignature, ServerTokens, SetEnv, SetEnvIf, SetEnvIfNoCase, SetHandler, SetInputFilter, SetOutputFilter, StartServers, StartThreads, Substitute, SuexecUserGroup, ThreadLimit, ThreadStackSize, ThreadsPerChild, TimeOut, Timeout, TraceEnable, TransferLog, TypeAuthDBMUserFile, TypesConfig, UnsetEnv, UseCanonicalName, UseCanonicalPhysicalPort, User, UserDir, VirtualDocumentRoot, VirtualDocumentRootIP, VirtualHost, VirtualScriptAlias, VirtualScriptAliasIP, Win32DisableAcceptEx, XBitHack, allow, deny, order, php_admin_flag, php_admin_value, php_flag, php_value

You can view the plugins home page, old, or view it on the wordpress.org site.

An AskApache Plugin Upgrade to Rule them All originally appeared on AskApache.com

List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.

You may be looking for the article: Vulnerability Scanners Review, or Top 5 Vulnerability Port Scanners

Obscure/Rare Security Software

rwhois

really great addition to using whois. Get additional info not on whois, query rwhois servers.

lft

useful alternative method of tracerouteing. oppleman

packit

define (spoof) nearly all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options

etherape

really cool graphical program that displays connections and protocols similar to cheops.

amap

fingerprinting

xprobe2

fingerprinting

p0f2

really exceptional fingerprinting. can be passively run in the BG.

firewalk

good packetfiltering enumerator

BGPview

bgp anyone?

icmpenum

icmp fingerprinting

dnstracer

awesome and creative graphical output of dns

ssldump

not really that useful but impressive in a report

ftester

for master pentesters only — get the lowdown on your packetfiltering

mtr

alternative traceroute

MRTG

favorite tool of ISPs, many uses here

host

don't forget this one

ike-scan

scan for vpns

upnpscan

scan for upnp devices

ftp-spider

get info on ftp server

traceproto

very nice alternative to traceroute/firewalk

sing

packet crafting

nmbscan

NBM Scanner

nbtscan

NBT Scanner

admsmb

ADMsmb

netleak

Netleak

dmitry

 

sara

Original security auditing software

isic

ISIC

dnsa

DNS

nemesis

Packet Crafting

zodiacdns

DNS Hacking

fragroute

Fragmented Packet Crafter/Scanner

sentry 2.0

 

Caecus

 

C-Parse

 

ftester

Master Pentesting Tool, Map out the filtering of your firewall with internal and external nodes

pchar

More common security programs

Nessus

Premier UNIX vulnerability assessment tool - Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.

Wireshark

Sniffing the glue that holds the Internet together - Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploi security holes, so stay up-to-date and be wary of running it on unusted or hostile networks (such as security conferences).

Snort

A Everyone's favorite open source IDS - This lightweight network inusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts. Open source Snort works fine for many individuals, small businesses, and departments. Parent company SourceFire offers a complimentary product line with more enterprise-level features and real-time rule updates. They offer a free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding Edge Snort.

Netcat

The network Swiss army knife - This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections. The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes even be hard to find nc110.tgz. The flexibility and usefulness of this tool have prompted people to write numerous other Netcat implementations - often with modern features not found in the original. One of the most interesting is Socat, which extends Netcat to support many other socket types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There is also Chris Gibson's Ncat, which offers even more features while remaining por and compact. Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called GNU Netcat.

Metasploit Framework

Hack the Planet - Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas already existed for wealthy users on all sides of the ethical specum. Metasploit simply brought this capability to the masses.

Hping2

A network probing utility like ping on steroids - This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies. It was inspired by the ping command, but offers far more conol over the probes sent. It also has a handy aceroute mode and supports IP fragmentation. This tool is particularly useful when ying to aceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities. This often allows you to map out firewall rulesets. It is also great for learning more about TCP/IP and experimenting with IP protocols.

Kismet

A powerful wireless sniffer - Kismet is an console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and inusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating

Tcpdump

The classic sniffer for network monitoring and data acquisition - Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for acking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.

Cain and Abel

The top password recovery tool for Windows - UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.

John the Ripper

A powerful, flexible, and fast multi-platform password hash cracker - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with conibuted patches. You will want to start with some wordlists, which you can find here, here, or here.

Ettercap

In case you still thought switched LANs provide much exa security - Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geomey of the LAN.

Nikto

A more comprehensive web scanner - Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected.

Ping/telnet/dig/aceroute/whois/netsta

The basics - While there are many whiz-bang high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name acert). They can be very handy in a pinch, although for more advanced usage you may be better off with Hping2 and Netcat.

OpenSSH / PuTTY / SSH

A secure way to access remote computers - SSH (Secure Shell) is the now ubiquitous program for logging into or executing commands on a remote machine. It provides secure encrypted communications between two unusted hosts over an insecure network, replacing the hideously insecure telnet/rlogin/rsh alternatives. Most UNIX users run the open source OpenSSH server and client. Windows users often prefer the free PuTTY client, which is also available for many mobile devices. Other Windows users prefer the nice terminal-based port of OpenSSH that comes with Cygwin. Dozens of other free and proprietary clients exist. You can explore them here or here.

THC Hydra

A Fast network authentication cracker which support many different services - When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Like THC Amap this release is from the fine folks at THC.

Paros proxy

A web application vulnerability assessment proxy - A Java based web proxy for assessing web application vulnerability. It supports editing/viewing HTTP/HTTPS messages on-the-fly to change items such as cookies and form fields. It includes a web traffic recorder, web spider, hash calculator, and a scanner for testing common web application attacks such as SQL injection and cross-site scripting.

Dsniff

A suite of powerful network auditing and peneation-testing tools - This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.

NetStumbler

Free Windows 802.11 Sniffer - Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also disibute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

THC Amap

An application fingerprinting scanner - Amap is a great tool for determining what application is listening on a given port. Their database isn't as large as what Nmap uses for its version detection feature, but it is definitely worth ying for a 2nd opinion or if Nmap fails to detect a service. Amap even knows how to parse Nmap output files. This is yet another valuable tool from the great guys at THC.

GFI LANguard

A commercial network security scanner for Windows - GFI LANguard scans IP networks to detect what machines are running. Then it ies to discern the host OS and what applications are running. I also ies to collect Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry enies, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. A free ial version is available, though it only works for up to 30 days.

Aircrack

The fastest available WEP/WPA cracking tool - Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

Superscan

A Windows-only port scanner, pinger, and resolver - SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, aceroute, http head, and whois.

Netfilter

The current Linux kernel packet filter/firewall - Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace ips tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port anslation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see Openbsd PF (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny,Zone Alarm, Norton, Kerio, ...), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.

Retina

Commercial vulnerability assessment scanner by eEye - Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research.

Angry IP Scanner

A fast windows IP scanner and port scanner - Angry IP Scanner can perform basic host discovery and port scans on Windows. Its binary file size is very small compared to other scanners and other pieces of information about the target hosts can be extended with a few plugins.

RKHunter

An Unix Rootkit Detector - RKHunter is scanning tool that checks for signs of various pieces of nasty software on your system like rootkits, backdoors and local exploits. It runs many tests, including MD5 hash comparisons, default filenames used by rootkits, wrong file permissions for binaries, and suspicious sings in LKM and KLD modules.

Ike-scan

VPN detector/scanner - Ike-scan exploits ansport characteristics in the Internet Key Exchange (IKE) service, the mechanism used by VPNs to establish a connection between a server and a remote client. It scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors reansmission packets. These reansmission responses are recorded, displayed and matched against a known set of VPN product fingerprints. Ike-scan can VPNs from manufacturers including Checkpoint, Cisco, Microsoft, Nortel, and Watchguard.

Arpwatch

Keeps ack of ethernet/IP address pairings and can detect certain monkey business Arpwatch is the classic ARP man-in-the-middle attack detector from LBNL's Network Research Group. It syslogs activity and reports certain changes via email. Arpwatch uses LibPcap to listen for ARP packets on a local ethernet interface.

KisMAC

A A GUI passive wireless stumbler for Mac OS X - This popular stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

OSSEC HIDS

An Open Source Host-based Inusion Detection System - OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

Openbsd PF

The OpenBSD Packet Filter - Like Netfilter and IP Filter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address anslation, normalizing TCP/IP traffic, providing bandwidth conol, and packet prioritization. It also offers some eccenic features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can ust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters.

Nemesis

Packet injection simplified - The Nemesis Project is designed to be a commandline-based, por human IP stack for UNIX/Linux (and now Windows!). The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts. If you enjoy Nemesis, you might also want to look at Hping2 as they complement each other well.

Tor

An anonymous Internet communication system - Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. For a free cross-platform GUI, users recommend Vidalia

Knoppix

A general-purpose boo live system on CD or DVD - Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or as many nmap survey takers attest, a por security tool. For a security-specific Linux disibution see Backack.

ISS Internet Scanner

Application-level vulnerability assessment - Internet Scanner started off in '92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products.

Fport

Foundstone's enhanced netstat - Fport reports all open TCP/IP and UDP ports on the machine you run it on and shows what application opened each port. So it can be used to quickly identify unknown open ports and their associated applications. It only runs on Windows, but many UNIX systems now provided this information via netstat (y 'netstat -pan' on Linux). Here is a PDF-Format SANS article on using Fport and analyzing the results.

chkrootkit

Locally checks for signs of a rootkit - chkrootkit is a flexible, por tool that can check for many signs of rootkit inusion on Unix-based systems. Its features include detecting binary modification, utmp/wtmp/lastlog modifications, promiscuous interfaces, and malicious kernel modules.

SPIKE Proxy

HTTP Hacking - Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. It is part of the Spike Application Testing Suite and supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory aversal detection.

OpenBSD

The Proactively Secure Operating System - OpenBSD is one of the only operating systems to eat security as their very highest priority. Even higher than usability in some cases. But their enviable security record speaks for itself. They also focus on stability and fight to obtain documentation for the hardware they wish to support. Perhaps their greatest achievement was creating OpenSSH. OpenBSD users also love [pf], their firewall tool.

Yersinia

A multi-protocol low-level attack tool - Yersinia is a low-level protocol attack tool useful for peneation testing. It is capable of many diverse attacks over multiple protocols, such as becoming the root role in the Spanning ee (Spanning ee Protocol), creating virtual CDP (Cisco Discovery Protocol) neighbors, becoming the active router in a HSRP (Hot Standby Router Protocol) scenario, faking DHCP replies, and other low-level attacks.

Nagios

An open source host, service and network monitoring program - Nagios is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of network services (smtp, pop3, http, nntp, ping, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).

Fragroute / Fragrouter

A network inusion detection evasion toolkit - Fragrouter is a one-way fragmenting router - IP packets get sent from the attacker to the Fragrouter, which ansforms them into a fragmented data stream to forward to the victim. Many network IDS are unable or simply don't bother to reconsuct a coherent view of the network data (via IP fragmentation and TCP stream reassembly), as discussed in this classic paper. Fragrouter helps an attacker launch IP-based attacks while avoiding detection. It is part of the NIDSbench suite of tools by Dug Song. Fragroute is a similar tool which is also by Dug Song.

X-scan

A general scanner for scanning network vulnerabilities - A multi-threaded, plug-in-supported vulnerability scanner. X-Scan includes many features, including full NASL support, detecting service types, remote OS type/version detection, weak user/password pairs, and more. You may be able to find newer versions available here if you can deal with most of the page being written in Chinese.

Whisker/libwhisker

Rain.Forest.Puppy's CGI vulnerability scanner and library - Libwhisker is a Perl module geared geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of Nikto which also uses libwhisker.

Socat

A relay for bidirectional data ansfer - A utility similar to the venerable Netcat that works over a number of protocols and through a files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.

Sara

Security Auditor's Research Assistant - SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner. They y to release updates twice a month and y to leverage other software created by the open source community (such as Nmap and Samba).

QualysGuard

A web-based vulnerability scanner - Delivered as a service over the Web, QualysGuard eliminates the burden of deploying, maintaining, and updating vulnerability management software or implementing ad-hoc security applications. Clients securely access QualysGuard through an easy-to-use Web interface. QualysGuard features 5,000+ unique vulnerability checks, an Inference-based scanning engine, and automated daily updates to the QualysGuard vulnerability KnowledgeBase.

ClamAV

A GPL anti-virus toolkit for UNIX - ClamAV is a powerful AntiVirus scanner focused towards integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library disibuted with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date.

Burpsuite

An integrated platform for attacking web applications - Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Brutus

A network brute-force authentication cracker - This Windows-only cracker bangs against network services of remote systems ying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC Hydra.

Unicornscan

Not your mother's port scanner - Unicornscan is an attempt at a User-land Disibuted TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for inoducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like Scanrand, it isn't for the faint of heart.

Stunnel

A general-purpose SSL cryptographic wrapper - The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (ine-star) or remote server. It can be used to add SSL functionality to commonly used ine daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.

Honeyd

Your own personal honeynet Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbiary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is possible to ping the virtual machines, or to aceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult.

Fping

A parallel ping scanning program - fping is a ping(1) like program which uses the Internet Conol Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of ying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or rey limit it will be considered unreachable.

BASE

The Basic Analysis and Security Engine - BASE is a PHP-based analysis engine to search and process a database of security events generated by various IDSs, firewalls, and network monitoring tools. Its features include a query-builder and search interface for finding alerts matching different patterns, a packet viewer/decoder, and charts and statistics based on time, sensor, signature, protocol, IP address, etc.

Argus

A generic IP network ansaction auditing tool - Argus is a fixed-model Real Time Flow Monitor designed to ack and report on the status and performance of all network ansactions seen in a data network traffic stream. Argus provides a common data format for reporting flow meics such as connectivity, capacity, demand, loss, delay, and jitter on a per ansaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and meics, as well as application/protocol specific information.

Wikto

Web Server Assessment Tool - Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.

Sguil

The Analyst Console for Network Security Monitoring - Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides realtime events from Snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts.

Scanrand

An unusually fast stateless network service and topology discovery system - Scanrand is a stateless host-discovery and port-scanner similar in design to Unicornscan. It ades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu which was written by Dan Kaminsky.

IP Filter

Por UNIX Packet Filter - IP Filter is a software package that can be used to provide network address anslation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. IP Filter is disibuted with FreeBSD, NetBSD, and Solaris. OpenBSD users should see Openbsd PF and Linux users Netfilter.

Canvas

A Comprehensive Exploitation Framework - Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 150 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day exploits can occasionally be found within Canvas.

VMware

Multi-platform Virtualization Software - VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so the even if you are infected with malware, it cannot reach your host OS. And recovering the guest OS is as simple as loading a "snapshot" from prior to the infection. VMware player (executes, but can't create OS images) and VMWare Server (partitions a physical server machine into multiple virtual machines) were recently released for free. Another interesting virtualization system (Linux focused) is Xen.

Tcpaceroute

A aceroute implementation using TCP packets - The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional aceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely ace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcpaceroute is able to bypass the most common firewall filters.

SAINT

Security Adminisator's Integrated Network Tool - SAINT is another commercial vulnerability assessment tool (like Nessus, ISS Internet Scanner, or Retina). It runs on UNIX and used to be free and open source, but is now a commercial product.

OpenVPN

A full-featured SSL VPN solution - OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-conols. OpenVPN implements OSI layer 2 or 3 secure network extension using the indusy standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access conol policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.

OllyDbg

An assembly level Windows debugger - OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, s, constants and sings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided.

Helix

A Linux Disibution with Computer Forensics in Mind - Helix is a customized disibution of the Knoppix Live Linux CD. Helix is more than just a boo live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

Bastille

Security hardening script for Linux, Mac OS X, and HP-UX - The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake disibutions, along with HP-UX and Mac OS X. Bastille's focuses on letting the system's user/adminisator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.

Acunetix Web Vulnerability Scanner

Commercial Web Vulnerability Scanner - Acunetix WVS automatically checks your web applications for vulnerabilities such as SQL Injection, cross site scripting, and weak password sength on authentication pages. Acunetix WVS boasts a comfor GUI and an ability to create professional website security audit reports.

trueCrypt

Open-Source Disk Encryption Software for Windows and Linux - trueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists.

Watchfire AppScan

Commercial Web Vulnerability Scanner - AppScan provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more.

N-Stealth

Web server scanner - N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as Whisker/libwhisker and Nikto, but do take their web site with a grain of salt. The claims of "30,000 vulnerabilities and exploits" and "Dozens of vulnerability checks are added every day" are highly questionable. Also note that essentially all general VA tools such as Nessus, ISS Internet Scanner, Retina, SAINT, and Sara include web scanning components. They may not all be as up-to-date or flexible though. N-Stealth is Windows only and no source code is provided.

MBSA

Microsoft Baseline Security Analyzer - Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrasucture, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week.

COMPUTER SECURITY TOOLBOX originally appeared on AskApache.com

The goal of AskApache.com is simple - To provide free access to knowledge and data with the goal of empowering people.. or more melodramatically: "Power to the People!"

Why the name AskApache? AskApache was chosen to show and pay respect to the contributors of the Apache Web Server. Literally it means to ask Apache when facing a problem, by searching the Open-Source, contacting a board/list, or browsing the documentation.

Technology Interests

1. CSS
2. XHTML (strict!)
3. Javascript (unobtrusive, strict!)
4. NetSec (network security, hack the planet)
5. PHP, Python, Ruby, Perl, Ocaml, Shell-Scripting (strict mostly!)
6. AJAX (strict,crossbrowser,degrades gracefully!)
7. Linux {Arch-Linux, Slackware, Gentoo, Red Hat, Fedora}
8. BSD/Unix {OpenBSD, FreeBSD, NetBSD}
9. Software {Photoshop, Dreamweaver, Sorenson, Flash, QuickTime, ffmpeg, nirsoft, sysinternals, Adobe Creative Suite, etc.}
10. Windows {for Workgroups, 3.1, 95, 98, me, 2000, NT Workstation&Server, XP Pro&Home SP1&SP2}
11. And of course, if not especially, the Apache Web Server, .htaccess, and mod_rewrite!

AskApache.com Info

1. Google +
2. Popular Web Design and Development Blogs on Google
3. Top Weblogs on Alexa
4. Technorati
5. AskApache Twitter
6. Typekey
7. Stumbleupon
8. Last.fm
9. seomoz
10. LiveJournal
11. Digg
12. Flickr
13. MyBlogLog
14. WordPress Plugins, Support Forum, Codex Wiki
15. BlogCatalog

More AskApache

1. BlogCatalog
2. StatsAholic
3. Alexa
4. Technorati
5. Compete
6. Quantcast
7. DomainTools
8. Live
9. Google
10. FindForward
11. Alexa DirectoryAlexa Info
12. MyBlogLog htaccess Group

AskApache mirrors

Every once in awhile I come across a project that is so indescribably great that I decide to help out by mirroring and contributing to the content.

• cURL / libcurl
• Savannah - nongnu
• WireShark Network God

Google if you are reading this, I'm willing to relocate. ;) Microsoft, no thanks.

About AskApache originally appeared on AskApache.com

Note: You may be looking for ethernet capture implementations using the best open source network debugging tool ever created, WireShark

Commands to become undetectable on linux/BSD

Bring up the ethernet interface with no IP address and arp ignore mode (stealth mode).

$ ifconfig eth0 hw ether 00:00:00:00:00:00 promisc
$ ifconfig eth0 -arp up

Delete the inet and inet6 address, prevent stack routing.

$ route -nv // should produce nothing, same with netstat -r

what does this do?

1. You can't route packets to an interface without an entry in the routing table.
2. You can't create an entry in the routing table without an IP address assigned to the interface.

Packet Capture Software

• a basic authorization string
• a certain bootfile being called using tftp
• spanning trees and switch communication
• etc.

Caveats and Notes

NOTE: You should also check out the Arp stuff article for more in-depth info about this topic.

Q&A: from a forum discussion

i'm not that familar with linux, so i don't know if you corrected this with one of these commands, but aren't there many tools that simply check if the ethernet interface is in promisc. mode? so what's undetected about this?

Something about passive sniffing: etheral mailing list If you sniff passive you dont send any data frames? All i know is that a switch only send data based on mac address (and recv port). Where a hub just sends it out to everyone. So how would you start sniffing (on a switch) without doing smth like arp poising (sending data frames)? Also, your MAC and ip gets sent out every x seconds by ARP requests right? Or did i misunderstood the question? 00:00:00:00:00:00 - this is not an invalid mac address? Are you sure you can sniff other computers with this configuration? (diferents computers like yours)

man -a ifconfig

i would suggest plugging off pathc cord just before and do like that

ifconfig eth0 down
#UNPLUG CORD
ifconfig eth0 hw ether AA:BB:CC:DD:EE:FF
ifconfig eth0
#PLUG IN CORD
ifconfig eth0 up

and then try to look for outgoing packets. Check for promisc: ifconfig I would also suggest filling up switchs memory to make it act like a regural HUB so u will be able to sniff with normal oldstyle IP sniffers. You can sniff over switch by filling up its temporary MAC addr table. Then switch to work correctly (from its view its just overload) has to send data to every port just like HUB , and then u r at home. Also check out passive network scanning software: p0f by Lcamtuff, check it out

$ ifconfig eth0 -arp

Now I got ur point, sorry I ,misunderstood at first totaly agree that ettercap is king nowadays and is most up to date. Anyways , I was always thinking in a little different way, I mean something like "fog cover". IMO its better to spoof MAC and act as other regular user instead run all loud and silent techniques. But your idea is very interesing. Anywayz i think that there will be always something sent to the wire. As a first example that comes to my mind is link speed detection with NLP and FLP.

First thing I realized was that before I could pretend to be a machine, I had to take that machine offline. If you are lucky and its running windows, that is no problem, you can run any number of techniques against a windows box and take it down. True, but why just scan whole subnet for MAC & IP and few hours later just use one of these that are offline.

Commands to become undetectable on Windows NT/W2K/XP

1. Get your device's hex value. ('snort -W' works for this)
2. open Regedt32
3. Navigate to: HKEY_LOCAL_MACHINE$backslash$SYSTEM$backslash$CurrentControlSet$backslash$Services$backslash$Tcpip$backslash$Parameters$backslash$ Interfaces$backslash${XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
4. Select the network card you wish to setup as the monitoring interface (this will be the {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} value).
5. Set IPAddress:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
6. Set SubnetMask:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
7. Set DefaultGateway:REG_MULTI_SZ: to null (Double click on the string, delete data in the Multi-String Editor, then click OK)
8. Close the Registry Editor, your changes will be saved automatically.
9. In a command prompt, run 'ipconfig' to verify the interface does not have an IP bound to it.

External Links

• Capturing on Ethernet Examples and Diagrams
• Construction and Use of a Passive Ethernet Tap
• Switch Sniffing Article LJ
• Wireless Forensics: Tapping the Air - 2007
• Ettercap :: ARP Poisoning HowTo
• Stealthful Sniffing, Intrusion Detection and Logging
• In Search of a Sniffer

NSA Anonymous Sniffing Techniques

Statement

--Mark Klein, April 6, 2006

My Background:

For 22 and 1/2 years I worked as an AT&T technician, first in New York and then in California.

What I Observed First-Hand:

In 2002, when I was working in an AT&T office in San Francisco, the site manager told me to expect a visit from a National Security Agency agent, who was to interview a management-level technician for a special job. The agent came, and by chance I met him and directed him to the appropriate people.

In January 2003, I, along with others, toured the AT&T central office on Folsom Street in San Francisco -- actually three floors of an SBC building. There I saw a new room being built adjacent to the 4ESS switch room where the public's phone calls are routed. I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room. The regular technician work force was not allowed in the room.

In October 2003, the company transferred me to the San Francisco building to oversee the Worldnet Internet room, which included large routers, racks of modems for customers' dial-in services, and other equipment. I was responsible for troubleshooting problems on the fiber optic circuits and installing new circuits.

While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet circuits by splitting off a portion of the light signal. I saw this in a design document available to me, entitled "Study Group 3, LGX/Splitter Wiring, San Francisco" dated Dec. 10, 2002. I also saw design documents dated Jan. 13, 2004 and Jan. 24, 2003, which instructed technicians on connecting some of the already in-service circuits to the "splitter" cabinet, which diverts some of the light signal to the secret room. The circuits listed were the Peering Links, which connect Worldnet with other networks and hence the whole country, as well as the rest of the world.

One of the documents listed the equipment installed in the secret room, and this list included a Narus STA 6400, which is a "Semantic Traffic Analyzer". The Narus STA technology is known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets. The company's advertising boasts that its technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) provides complete visibility for all internet applications."

My job required me to connect new circuits to the "splitter" cabinet and get them up and running. While working on a particularly difficult one with a technician back East, I learned that other such "splitter" cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

What is the Significance and Why Is It Important to Bring These Facts to Light?

Based on my understanding of the connections and equipment at issue, it appears the NSA is capable of conducting what amounts to vacuum-cleaner surveillance of all the data crossing the Internet -- whether that be peoples' e-mail, Web surfing or any other data.

Given the public debate about the constitutionality of the Bush administration's spying on U.S. citizens without obtaining a FISA warrant, I think it is critical that this information be brought out into the open, and that the American people be told the truth about the extent of the administration's warrantless surveillance practices, particularly as it relates to the Internet.

Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA's spying program is really limited to foreign communications or is otherwise consistent with the NSA's charter or with FISA. And unlike the controversy over targeted wiretaps of individuals' phone calls, this potential spying appears to be applied wholesale to all sorts of Internet communications of countless citizens.

Attorney contact information: Miles Ehrlich Ramsey & Ehrlich LLP Source: Legal Pad

Undetectable Sniffing On Ethernet originally appeared on AskApache.com