cipherdyne.org

Michael Rash, Security Researcher



2003 Blog Archive

Software Release - psad-1.3.1

The 1.3.1 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Added the ability to import /var/log/psad/<ip> directories back into memory so scan data remains persistent across psad restarts or system reboots.
  • Added --Analyze-msgs to run psad in analysis mode against an iptables logfile (/var/log/psad/fwdata by default). The logfile path can be changed with --messages-file.
  • Added icmp type and code validation against RFC 792.
  • Bugfix for being too strict with FW_MSG_SEARCH.
  • Added port ranges for tcp and udp scans in <ip>/<dst>_packet_ctr.
  • Added <ip>/<dst>_start_time and <ip>/os_guess.
  • Bugfix for missing --no-signatures code.
  • Updated to Snort-2.1 signatures.

Software Release - fwsnort-0.5

The 0.5 release of fwsnort is ready for download. Here is an excerpt from the ChangeLog:
  • Added "-j REJECT --reject-with tcp-reset" for tcp sessions if the --ipt-block option is specified.
  • Added ability to download latest snort rules from snort.org.
  • Added --no-ipt-jumps.
  • Added better checking for iptables build characteristics such as the LOG target and whether or not the ipv4options extension is compiled in.
  • Added config preservation code from psad in install.pl.

Article on Comparing Netfilter to Check Point FW-1

I have written an article for Information Security Magazine that compares Netfilter to Check Point FW-1. While this comparison may seem somewhat odd because FW-1 is oriented towards commercial customers and emphasizes a nice GUI, Netfilter (like other open source projects) has it where it counts even though it is completely free. The article is entitled "Firewalls: Doing it Yourself".

Software Release - gpgdir-0.3

The 0.3 release of gpgdir is ready for download.

Software Release - gpgdir-0.2

The 0.2 release of gpgdir is ready for download.

Linux Journal Article Posted - Netfilter on Nokia IP330

I have written an article for the Linux Journal on a series of steps you can perform to get Linux and Netfilter running on a Nokia IP330 appliance. This hardware is normally used to run Check Point FW-1 firewalls, but it runs Linux just fine. The article is entitled "Running Linux and Netfilter on Nokia IP Series Hardware".

Software Release - gpgdir-0.1

The 0.1 release of gpgdir is ready for download.