The more traditional traceroute(8) sends out either UDP or ICMP ECHO
packets with a TTL of one, and increments the TTL until the destination
has been reached. By printing the gateways that generate ICMP time
exceeded messages along the way, it is able to determine the path
packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern
Internet, many of the packets that traceroute(8) sends out end up being
filtered, making it impossible to completely trace the path to the
destination. However, in many cases, these firewalls will permit inbound
TCP packets to specific ports that hosts sitting behind the firewall are
listening for connections on. By sending out TCP SYN packets instead of
UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common
firewall filters.
rain is a powerful tool for testing stability of hardware and
software utilizing IP protocols. It offers its users the
capability of creating their own packets with a wide variety
of command line options.
WWW: http://www.tenebrous.com/rain/
MAINTAINER= Joshua Stein <jcs@rt.fm>
--
Cisco's TACACS+ Server
TACACS+ is used for authentication, authorization, and accounting
on Cisco routers. This daemon provides a server for TACACS+ routers.
WWW: http://www.gazi.edu.tr/tacacs/
MAINTAINER= Jeff Bachtel <jeff@cepheid.org>
+ lots of additional mods
+ pvalchev@ helped
+ lebel@ reviewed
From Changelog:
* added new IP defragmenter, spp_frag2
* added new stateful inspection/tcp stream reassembly plugin, spp_stream4
* Snort can now statefully detect ECN traffic (less false alarms)
* stream4 can now keep session statistics in a "session.log" file
* added new high-speed unified binary output system, spo_unified
* added new data structs/management for tag code
* added -k switch to tune checksum verification behavior
* added -z switch to provide stateful verification of alerts
* modified behavior of http_decode, now only alerts once per packet
* added unique Snort ID's to every Snort rule, plus generator, revision
and event ID info to each alert
* detection engine only alerts once per packet now, tcp stream code doesn't
generate another alert packet if a previous one already alerted for that
stream
* fixed signal handling on svr4 systems
* added enhanced cross reference printout to full/fast/syslog alert modes
* added new high speed checksum verification (on x86) routines
* added new ARP spoof detection preprocessor from Jeff
Nathan <jeff@wwti.com>
* * *
Xprobe is a tool automating the X logic.
X is a logic developed from the various Active Operating System
Fingerprinting methods discovered during the "ICMP Usage In
Scanning" research project.
http://www.sys-security.com/
- Bump VERSION
- Fixes MASTER_SITES
- New ssl flavor
- New Maintainer
- Remove po patches
- Add patch for text-based xchat
Permission granted by original maintainer : Couderc Damien <couderc.damien@wanadoo.fr>
---
Net::IPv4Addr provides functions for parsing IPv4 addresses both
in traditional address/netmask format and in the new CIDR format.
There are also methods for calculating the network and broadcast
address and also to check if a given address is in a specific
network.
+ now with OpenBSD "plug-in" support
eg.
banshee v 1.1 -- They kill without discretion...
dummy v 1.0 -- Dummy plugin. It does nothing !
leech v 1.6 -- Isolate a host from the LAN
lurker v 1.3 -- Try to search for other ettercap
ooze v 1.4 -- Ping a host.
shadow v 1.8 -- A very simple SYN/TCP port scanner
spectre v 1.1 -- Flood a switched LAN with random MAC addresses
triton v 1.3 -- Try to discover the LAN's gateway
Changes:
o fixed two file descriptor leaks in ftpcopy. (Spotted by Matthias
Andree)
o added --bps option to ftpcopy.
o ftpcopy and ftpls now work with the runsocks program from the
socks5 reference implementation. See the FAQ.
o ftpcopy and ftpls now have a --timeout option to set the timeout
used during the connection.
o ftpcopy now has a --tolower option, causing it to change all
local file and directory names to lowercase. Note: you'll
possibly want to read the manual page before you use this
option.
o ftpls can make recursive directory listings. Use the --recursive
option for this.
o don't allow the FTP server to redirect PASV to other hosts or
ports below 1024 (with the exception of port 20).
o temporary files are created in the target directory.
The purpose of OpRoute is to attempt to establish a
*generalized* measurement system which takes into
account all of the factors that are usually considered
to be important when it comes to performance.
Specifically:
- Packet loss
- Latency
- Layer 3 Hops
- AS Hops
- NAP Hops
- Throughput (To be done, not in there yet)
MAINTAINER= Jason Peel <jsyn@nthought.com>
--
dlint analyzes any DNS zone you specify, and reports any problems
it finds by displaying errors and warnings. Then it descends
recursively to examine all zones below the given one (this can be
disabled with a command-line option). Designed for Unix, dlint
is written in Bourne Shell and Perl.
WWW: http://www.domtools.com/dns/dlint.shtml
Submitted by Jason Peel <jsyn@nthought.com>
The author seems to have dropped gettext and any NLS support.
Changes:
* Fix a minor bug that caused problems when sending files,
* Shows a warning when you run more than one client with the same UIN,
* Fix a bug that caused some messages not to appear in history,
* Manual page included in the package - centericq(1),
* An ability to turn off local mailbox checking was added.
--
Balance is a simple but powerful generic tcp proxy with round robin
load balancing and failover mechanisms. Its behaviour can be
controlled at runtime using a simple command line syntax.
The latest release now supports the definition of channel groups
and connection counting and handling boosting the power and versatility
of balance one big step further.
WWW: http://balance.sourceforge.net/
Submitted by Jason Peel <jsyn@nthought.com>
I am no longer the developer of the Nemesis Project.
This project is now developed by Jeff Nathan <jeff@wwti.com>
I will still remain the active maintainer of the OpenBSD port.
For those curious, details of WHY I have given up Nemesis and
the future direction of this project can be found here:
http://www.packetninja.net/nemesis_announcement.html
--
What is Gtk-Gnutella ?
Gtk-Gnutella is a clone of Gnutella (see gnutella.wego.com). It's
a Unix clone, and it needs GTK+ (1.2 or above). Gnome is not needed.
It is currently developed and tested under Linux (Redhat 6). It
is known to run at least on Linux and FreeBSD (on 80x86 machines).
It is released under the GNU Public License (GPL).
Is it finished ?
No. Currently it lacks all sharing support, as well as many other
(minor) features. But you should already be able to search for any
files you want and to download them.
Submitted by Flinn Mueller <flinn@activeintra.net>
From CHANGELOG
-- Added a whole bunch of new OS fingerprints (and adjustments)
ranging from big important ones (Linux 2.4.X, OpenBSD 2.9, FreeBSD
4.3, Cisco 12.2.1, MacOS X, etc) to some that are more obscure (
such as Apple Color LaserWriter 12/660 PS and VirtualAccess
LinxpeedPro 120 )
-- Added "All zeros" IP.ID sequence classification to account for the
new Linux 2.4 scheme which seems to use 0 whenever the DF bit is
set (probably a good idea).
-- Tweaked TCP Timestamp and IP.ID sequence classification algorithms
- move examples configuration into $PREFIX/share/examples/arpwatch
- move database to /var/arpwatch, create if needed
- update manpages to reflect new paths
- take MAINTAINER
- Install locale files.
- Use the gettext port rather than building the included one.
help from naddy@
Brief ChangeLog:
o Now it's possible to open a received URL with a browser directly;
controlled in the ~/.centericq/actions file.
o Cancelled messages are now being postponed for later editing.
o Substring search in history is implemented.
o QuickFind feature works in multiple contact selection mode as well
as in the contact list and is case insensitive.
Changes:
Added a Protocol State Machine for dissectors, the ability to
specify the rule "Log" to the filtering form, a Packet Factory to create
and send packets on the fly, support for multiple config files, code
cleanups, added the ability to launch plugins from connection list, a new
plugin named banshee, and enhancements in the protocol dissector for
SOCKS 5, IMAP, VNC, SMB, and MySQL.
- Contact list is now sorted by "who-last-send-an-event" criteria.
- Quickfind mode is available.
- Unsent messages counter on the top of screen has been added.
Kill a dead MASTER_SITE (found by naddy@) and add a new one in the US.
reviewed by naddy@
--
This is a simple Python script to register your dynamic IP address
using the NIC V2.0 protocol. We aim to be fully compliant with the
dyndns client specification.
--
BIND 9.1.2 is now available. This is a maintenance release, containing
fixes for a number of bugs in 9.1.1 but no new features. We recommend
that all users of earlier versions of BIND 9 upgrade to 9.1.2.
DNSSEC users should note that DNSSEC validation involving algorithms other
than RSA will not interoperate between this version of BIND and version
9.1.1 or older, because the older versions use an incorrect formula for
calculating key tags of non-RSA keys.
more syslogging of login failures so we have more info on why.
patch-etcafpd-volumec
Update to partially resolve the current problem with afpd not behaving
correctly with permissions on /etc/netatalk.
Log correctly to /var/log/daemon when we can't access configuration files.
Put in place proper error checking when reading them. Would be nice if the
original programmers actually checked for failure for anything.
People can now see just why things are not working as they like.
Mar 29 18:08:38 kashmir afpd[6210]: session from 39148.187:250 on
39148.169:129
Mar 29 18:08:38 kashmir afpd[6210]: login dingo (uid 1002, gid 10)
Mar 29 18:08:38 kashmir afpd[6210]: unable to access
/etc/netatalk/AppleVolumes.system: Permission denied
Mar 29 18:08:40 kashmir afpd[6210]: done
Mar 29 18:08:40 kashmir afpd[21593]: asp_chld 6210 done
Pass the CORRECT arguments to creatvol. from "Benninghoff, John"
<JABenninghoff@dainrauscher.com>
Return AFPERR_PARAM when we can't access configuration files to
the appleshare client requesting access. This stops possible DOS under
MacOS. In its current form the Appleshare client has to be killed on the
MAC side by killing the "CHOOSER" Application. By returning proper errors
the appleshare client exits gracefully with error: "An Appleshare system
error occured."
patch-etcpapd-lpc
cosmetic change: remove an unused variable.
patch-version
changes made bump version.
--
From: maintainer
including AIM, ICQ, and Yahoo! Chat. It also has file transfers between
other Everybuddy users, and planned support for file transfers to other
users. From Josh Rivel <dorqus@bsdfreek.com>.
A curses-based textmode ICQ client implementation. It is a
fully featured client, can do things like file transfer. Has
the ability to associate sounds with different actions/events
and play them through a sound card, as well as the standard
beeping.
Things like colors are not hard-coded in the program itself,
but can be set in the corresponding config files
--
New dissectors include SUA Light, HCLNFSD, Rquota. Many other dissectors were
updated and bug-fixed. The wiretap library can now read Etherpeek files,
and write NetMon 2.x files. Capture filters and display filters are kept in
separate dialogues/files to help minimize confusion. A new "Decode As"
feature allows some run-time configuration of which dissectors are called
for a particular packet. You can now click on a byte in the hex dump and the
appropriate field in the protocol tree will be selected. The display filter
code was re-written, and some syntax changed (esp. for boolean variables).
Submitted by Wangden Kelsang <wngdn@src.uchicago.edu>.
Nslint reads the (BIND) nameserver configuration files and performs
a number of consistency checks on the dns records. Nslint is known
to work with BIND versions 4, 8, and 9.
This port had no real name associated with the listed address. When
trying to reach this person, the mail bounces. It also appears from
the logs that this person hasn't been maintaining this.
Sirc is an Internet Relay Chat programmable client written in
perl and C. It has a main perl script that can be run in 'dumb'
mode, standalone, and a separate split-screen front end in C,
called ssfe.
Sing is a little tool that sends ICMP packets fully customized from
command line. The main purpose is to replace/complement the niceful
ping command with certain enhancements as:
o Send fragmented packets.
o Send monster packets > 65534.
o Send/read spoofed packets.
o Send many ICMP Information types in addition to the ECHO REQUEST
type sent by default as Address Mask Request, Timestamp, Information
Request, Router Solicitation and Router Advertisement.
o Send many ICMP error types: Redirect, Source Quench, Time Exceeded,
Destination Unreach and Parameter Problem.
o Send to host with Loose or Strict Source Routing.
o Use little fingerprinting techniques to discover Window$ or Solaris
boxes.
o Send ICMP packets emulating certain OS: Cisco, Solaris, Linux, Shiva,
Unix and Window$ at the moment.
Angst provides methods for aggressive sniffing on switched
local area network environments.
It dumps the payload of all the TCP packets received on the
specified ports. Moreover, it implements methods for active
sniffing. Angst currently provides two active sniffing methods.
The first monitors ARP requests, and after enabling IP
forwarding on the local host, sends ARP replies mapping all IPs
to the local MAC address. The second method floods the local
network with random MAC addresses (like macof v1.1 by Ian Vitek),
causing switches to send packets to all ports. Made just for
testing purposes and fun. If you compile it on any other
platform except the ones listed below, please contact me at the
above email address. As always, published under a BSD style
license, see the included LICENSE file.
Changes: This version responds differently to *-class queries, and
to AXFR requests, to placate a few broken clients. The servers now
log ``starting'' messages.
--
tcpstat reports certain network interface statistics much like
vmstat does for system statistics. tcpstat gets its information by
either monitoring a specific interface, or by reading previously
saved tcpdump data from a file.
Major changes:
* tinydns automatically returns a random set of 8 addresses, in a
random order, from a cluster of any size.
* tinydns supports client differentiation. There's no longer any
reason to use pickdns.
* dnstracesort prints glue information. This reveals all sorts of
interesting inconsistencies.
--
BIND 9.1.0 has been released. Compared to BIND 9.0, BIND 9.1 has a
number of new features as well as numerous bug fixes and cleanups.
The new features include:
- Many BIND 8 features previously unimplemented in BIND 9,
including domain-specific forwarding, the $GENERATE
master file directive, and the "blackhole", "dialup",
and "sortlist" options
- Forwarding of dynamic update requests; this is enabled
by the "allow-update-forwarding" option
- A new, simplified database interface and a number of
sample drivers based on it; see doc/misc/sdb for details
- Support for building single-threaded servers for
environments that do not supply POSIX threads
- New configuration options: "min-refresh-time",
"max-refresh-time", "min-retry-time", "max-retry-time",
"additional-from-auth", "additional-from-cache",
"notify explicit"
- Faster lookups, particularly in large zones.
Submitted by Brian Caswell <bmc@mitre.org>.
ndiff compares two nmap scans and outputs the differences. It
allows monitoring of your network(s) for interesting changes in
port states and visible hosts.
Ethereal 0.8.15 has one of the biggest GUI changes in recent history;
display filters can now be constructed via an easy-to-use point-and-click
interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25
over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC,
Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation
Layer. Many other dissectors and core features were improved, and bugs
were squashed. The wiretap library can now read Sniffer Frame Relay files.
Capturing supports the "any" pseudo-device on Linux if you use libpcap 0.6
from www.tcpdump.org.
probes/attacks. Courtney receives input from tcpdump counting the
number of new services a machine originates within a certain time
window. If one machine connects to numerous services within that
time window, courtney identifies that machine as a potential SATAN
host.
Submitted by: Brian Caswell <bmc@mitre.org>
- update to 1.03
Major changes:
* dnscache drops old UDP queries in favor of new ones, and drops old
TCP connections in favor of new ones.
* dnscache supports $FORWARDONLY to forward queries to another cache.
The other cache is listed in root/servers/@.
* dnscache returns TTLs by default, so it can be used as the target
of forwarding.
* dnstrace | dnstracesort produces output that's very easy to scan.
Try dnstrace a www.netscape.com 198.41.0.4 | dnstracesort | less.
- allow concurrent builds.
- respect CFLAGS.
- no need to set ALL_TARGET or WRKDIST.
- do not override install target, use post-install.
- mkdir -> INSTALL_DATA_DIR.
Submitted by Vladimir Popov <pva48@mail.ru>.
WMnet polls network statistics and does a few things with the data it gets.
It has small blinking lights for the rx and tx of IP packets, a digital
speedometer of your polled stat's current speed and a bar graph like xload
et. al which has a tx speed graph from bottom-up and rx speed graph from
the top-down.
interface, but 80-90% of the code isn't text mode specific, so other UIs could
be created pretty easily. Also, Irssi isn't really even IRC specific anymore,
there's already a working SILC module available. Support for other protocols
like ICQ could be created some day too.
within the resolver code makes it possible to overwrite stack
variables by generating a malformed DNS packet. This problem makes
it possible to create a situation where a malicious user may be
able to execute code remotely with the UID and GID of the BitchX
client. It is necessary for an attacker to control their own DNS
to exploit this bug.