cipherdyne.org

Michael Rash, Security Researcher



2004 Blog Archive


Software Release - fwsnort-0.6.4

The 0.6.4 release of fwsnort is ready for download. Here is an excerpt from the ChangeLog:
  • Updated to Snort-2.3 rules. fwsnort can convert 1710 of the 2559 Snort-2.3 rules.
  • Updated to new Snort rules download link for --update-rules mode: http://www.snort.org/dl/rules/snortrules-snapshot-CURRENT.tar.gz
  • Updated to standard [+], [-], and [*] prefixes for info, warning and die logging messages.
  • Added --replace-string patches.

USENIX ;login: Article on fwknop

I have written an article for USENIX ;login: Magazine entitled "Combining Port Knocking and Passive OS Fingerprinting with fwknop". Fwknop is the first port knocking implementation to combine port knocking and passive OS fingerprinting into a single piece of software. This allows you to do things like only allow Linux systems to connect to your SSH daemon.

Software Release - psad-1.4.0

The 1.4.0 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Added p0f-style passive OS fingerprinting through the use of the OPT field in iptables log messages (which is only logged when the --log-tcp-options command line argument is given to iptables).
  • Bugfix for iptables log messages that include tcp sequence numbers (see the iptables --log-tcp-sequence command line argument).
  • Bugfix for O_RDONLY open flag when kmsgsd receives a HUP signal.
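To show what the two log-format items above refer to, here is an added example (not psad's own code) that parses a constructed iptables LOG line, decodes the raw TCP option bytes from the OPT field, picks up the SEQ/ACK fields written by --log-tcp-sequence, and builds a simplified p0f-style signature (window:ttl:df:mss:options; p0f's real signature format carries more fields).

```python
import re

# Constructed sample: an iptables LOG line for a TCP SYN, as emitted when the LOG
# target is given both --log-tcp-options (OPT field) and --log-tcp-sequence (SEQ/ACK).
SAMPLE_LOG = (
    "Dec  5 12:00:01 host kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54321 DF PROTO=TCP "
    "SPT=40123 DPT=22 SEQ=1234567890 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 "
    "OPT (020405B40402080A000000010000000001030307)"
)

# p0f-style letters for TCP option kinds: EOL, NOP, MSS, window scale, SACK ok, timestamp.
OPTION_NAMES = {0: "E", 1: "N", 2: "M", 3: "W", 4: "S", 8: "T"}

def parse_iptables_log(line):
    """Return the KEY=VALUE fields, the bare flag keywords, and the OPT hex string."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # DF and the TCP flags have no '='; ACK=0 (a sequence field) is excluded by the lookahead.
    fields["flags"] = set(re.findall(r"\b(DF|SYN|ACK|FIN|RST|PSH|URG)\b(?!=)", line))
    m = re.search(r"OPT \(([0-9A-Fa-f]*)\)", line)
    fields["OPT"] = m.group(1) if m else ""
    return fields

def decode_tcp_options(opt_hex):
    """Walk the raw option bytes into (kind, length, data) triples (RFC 793 TLV layout)."""
    raw = bytes.fromhex(opt_hex)
    i, opts = 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # end of option list
            opts.append((0, 1, b""))
            break
        if kind == 1:                      # NOP: one byte, no length field
            opts.append((1, 1, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2:
            raise ValueError("malformed TCP option at byte %d" % i)
        length = raw[i + 1]
        opts.append((kind, length, raw[i + 2:i + length]))
        i += length
    return opts

def p0f_style_signature(line):
    """Simplified signature window:ttl:df:mss:options, e.g. 5840:64:1:1460:M1460,S,T,N,W7."""
    f = parse_iptables_log(line)
    mss, letters = "*", []
    for kind, _, data in decode_tcp_options(f["OPT"]):
        if kind == 2:                      # MSS carries its value, as in p0f's M1460
            mss = str(int.from_bytes(data, "big"))
            letters.append("M" + mss)
        elif kind == 3:                    # window scale carries its shift count
            letters.append("W" + str(data[0]))
        else:
            letters.append(OPTION_NAMES.get(kind, "?" + str(kind)))
    df = "1" if "DF" in f["flags"] else "0"
    return ":".join([f["WINDOW"], f["TTL"], df, mss, ",".join(letters)])
```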

Software Release - gpgdir-0.9.1

The 0.9.1 release of gpgdir is ready for download. Here is an excerpt from the ChangeLog:
  • Updated GnuPG.pm Perl module to handle the return code PLAINTEXT, which GnuPG (as of version 1.2.6) now seems to return instead of DECRYPTION_OKAY upon a successful decryption.

Software Release - psad-1.3.4

The 1.3.4 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Bugfix for init script directory on Slackware systems.
  • Bugfix for null prefix counters.
  • Added --whois-analysis argument since whois lookups are now disabled by default when running in analysis (-A) mode.
  • Updated psad_init() to rework setup() and import orderings vs. --fw-analyze and --Benchmark modes.
  • Added bidirectional iptables auto-blocking support for all chains except for the INPUT and OUTPUT chains.
  • Better syslog message support when run in auto-blocking mode.
  • Added iptables auto-block rules section to --Status output.
  • Added init script for Fedora systems.
  • Added default_log() function to IPTables::Parse. This function parses user defined chains in an effort to find default logging rules.

Software Release - fwknop-0.4.2

The 0.4.2 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Added init script for Fedora systems.
  • Added --Kill, --Restart, and --Status modes (this fixes the generic init script which depends on these arguments).

Software Release - fwknop-0.4.1

The 0.4.1 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Bugfix for legacy posf code in fwknop and variable in fwknop.conf.

Software Release - psad-1.3.3

The 1.3.3 release of psad is ready for download. Here is an excerpt from the ChangeLog:
  • Fixed __WARN__ and __DIE__ exception handlers so that they reference global message variables.
  • Fixed auto danger level assignments. Network auto assignments as well as per-protocol assignments work now.
  • Added SYSLOG_DAEMON variable to define which syslog daemon is running on the underlying system instead of just guessing.
  • Added the ability to ignore both ranges and specific ports/protocols with a new variable IGNORE_PORTS in psad.conf.
  • Bugfix to make sure email addresses are separated by spaces when Psad::sendmail() is called.
  • Bugfix for ipt_prefix counters not being parsed correctly at import time.
  • Removed exclude_auto_ignore_ip() since this function was made unnecessary by newly rewritten auto-assign code.

Software Release - gpgdir-0.9

The 0.9 release of gpgdir is ready for download. Here is an excerpt from the ChangeLog:
  • Added --gnupg-dir option to allow a user to specify a different user's .gnupg directory for encryption keys.
  • Switched to "[+]" (and related) message prefixes.

fwknop on Slashdot

The concept of combining passive OS fingerprinting with port knocking, as implemented by fwknop, has made it to the Slashdot front page. The story has been given the title "Combining Port Knocking With OS Fingerprinting".