--
ipband is a pcap based IP traffic monitor. It tallies per-subnet traffic
and bandwidth usage and starts detailed logging if the specified threshold
for the specific subnet is exceeded. If traffic has been high for a
certain period of time, the report for that subnet is generated which
can be appended to a file or e-mailed. When bandwidth usage drops below
the threshold, detailed logging for the subnet is stopped and memory is
freed.
This utility could be handy in a limited bandwidth WAN environment
(frame relay, ISDN etc. circuits) to pinpoint the offending traffic source
if certain links become saturated to the point where legitimate packets
start getting dropped.
It can also be used to monitor an internet connection when specifying the
range of local ip addresses (to avoid firing reports about non-local
networks).
WWW: http://ipband.sourceforge.net/
Submitted by Vincent Derrien <hyzzod@free.fr>
- Support for decrypting resumed sessions.
- Fixed a core dump under certain RST conditions.
- Support for an arbitrary number of connections (previous versions had a hard limit).
- Better error reporting when you provide a bad password.
- Some performance fixes.
- Other bug fixes.
- Bugfixes, optimizations and a few new features; see
http://gtk-gnutella.sourceforge.net/changelog/ for details
o Install README and manual page from debian
o Clean up DESCR
o This is not an audio-related port
o The port uses X11
o The port can build concurrently
Ok lebel@
Enhancements were made to many dissectors. In particular, the SMB, DCE
RPC, PPP, and GIOP dissectors had major updates.
New dissectors include:
CosEventComm
Quake 3 Arena
GMRP
GTP
HMIPv6
OSPFv3
MMSE
UCP
Skinny Client Control Protocol
The Chatbot::Eliza module implements the classic Eliza algorithm.
The original Eliza program was written by Joseph Weizenbaum and described
in the Communications of the ACM in 1967. Eliza is a mock Rogerian
psychotherapist. It prompts for user input, and uses a simple
transformation algorithm to change user input into a follow-up question.
--
Net::Ping::External is a module which interfaces with the ping(1)
command on the system. It presently provides a single function,
ping(), that takes in a hostname and (optionally) a timeout and
returns true if the host is alive, and false otherwise. Unless
you have the ability (and willingness) to run your scripts as
the superuser on your system, this module will probably provide
more accurate results than Net::Ping (bundled with the perl
base installation) will.
Submitted and maintained by Maurice Nonnekes <maurice@amaze.nl>
---
libpcap is a packet capturing library. It is used by all sorts of
networking diagnostic programs (like tcpdump and nmap).
py-libpcap is an interface to this library for Python.
WWW: http://sourceforge.net/projects/pylibpcap/
* Take care to set a sane PATH.
* Add set -e
* Copy example files into ${PREFIX}/share/examples/PORTNAME.
* Replace PKGNAME with P_NAME in INSTALL/DEINSTALL scripts, unclear
since it already exists in the Makefile with a different value.
* Change output of INSTALL/DEINSTALL to be more like other scripts
found in the tree (suggested by heko@).
* Add missing gdbm dependency.
Submitted by maintainer Nils Nordman <nino@nforced.com>.
Added code in both the client and the server to detect whether the
peer is an old version with the S1G bug. The server will refuse
to serve such clients, and the client will refuse updates from
such a server. In each case, an error message is printed with a
URL that describes the bug and the upgrade procedure.
Resolv allows a user to resolve the names of a single IP address or
entire network of addresses to maintain a "map" of the names that
comprise a certain network.
The crawl utility starts a depth-first traversal of the web at the
specified URLs. It stores all JPEG images that match the configured
constraints. Crawl is fairly fast and allows for graceful termination.
After terminating crawl, it is possible to restart it at exactly the
same spot where it was terminated. Crawl keeps a persistent database
that allows multiple crawls without revisiting sites.
The main reason for writing crawl was the lack of simple open source
web crawlers. Crawl is only a few thousand lines of code and fairly
easy to debug and customize.
Features
+ Saves encountered JPEG images
+ Image selection based on regular expressions and size constraints
+ Resume previous crawl after graceful termination
+ Persistent database of visited URLs
+ Very small and efficient code
+ Supports robots.txt
--
TightVNC is an enhanced version of VNC, which is optimized to work over
slow network connections such as low-speed modem links. While original
VNC may be very slow when your connection is not fast enough, with
TightVNC you can work remotely almost in real time in most environments.
Besides bandwidth optimizations, TightVNC also includes many other
improvements, optimizations and bugfixes over VNC. Note that TightVNC is
free, cross-platform and compatible with the standard VNC.
WWW: http://www.tightvnc.org/
Submitted by Rob Casey <rob@minauros.com>
* Changes in zebra-0.92a
* Changes in bgpd
** Fix "^$" community list bug.
** Below command's Address Family specific configurations are added
     nexthop-self
     route-reflector-client
     route-server-client
     soft-reconfiguration inbound
* Changes in zebra
** Treat kernel type routes as EGP routes.
is moved over.
New to 1.8.1
* SNMP Alerts
* IDMEF XML output
* Limited wildcard regex support
* New normalization mode for http_decode
* many bug fixes
OpenBSD port changes:
FLAVOR=snmp now works
vtysh now works
Also, OpenBSD specific fixes not listed below include a patch to correctly
get all interfaces from the kernel.
Changelog from e-mail:
* Changes in zebra-0.92
** Overall security is improved. Default umask is 0077.
* Changes in ripd
** If output interface is in simple password authentication mode,
subtract one from rtemax.
* Changes in bgpd
** IPv4 multicast and IPv6 unicast configuration is changed to so
called new config. All of AFI and SAFI specific configuration is
moved to "address-family" node. When you have many IPv6 only
configuration, you will see many "no neighbor X:X::X:X activate" line
in your configuration to disable IPv4 unicast NLRI exchange. In that
case please use "no bgp default ipv4-unicast" command to suppress the
output. Until zebra-0.93, old config is still left for compatibility.
Old config
==========
router bgp 7675
 bgp router-id 10.0.0.1
 redistribute connected
 network 192.168.0.0/24
 neighbor 10.0.0.2 remote-as 7675
 ipv6 bgp network 3ffe:506::/33
 ipv6 bgp network 3ffe:1800:e800::/40
 ipv6 bgp aggregate-address 3ffe:506::/32
 ipv6 bgp redistribute connected
 ipv6 bgp neighbor 3ffe:506:1000::2 remote-as 1
New config
==========
router bgp 7675
 bgp router-id 10.0.0.1
 network 192.168.0.0/24
 redistribute connected
 neighbor 10.0.0.2 remote-as 7675
 neighbor 3ffe:506:1000::2 remote-as 1
 no neighbor 3ffe:506:1000::2 activate
!
 address-family ipv6
 network 3ffe:506::/33
 network 3ffe:1800:e800::/40
 aggregate-address 3ffe:506::/32
 redistribute connected
 neighbor 3ffe:506:1000::2 activate
 exit-address-family
* Changes in ospfd
** Internal interface treatment is changed. Now ospfd can handle
multiple IP addresses for an interface.
** Redistribution of loopback interface's address works fine.
--
State Threads is an application library which provides a foundation
for writing fast and highly scalable Internet Applications on
UNIX-like platforms. It combines the simplicity of the multithreaded
programming paradigm, in which one thread supports each simultaneous
connection, with the performance and scalability of an event-driven
state machine architecture.
WWW: http://oss.sgi.com/projects/state-threads/
Submitted by Patroklos Argyroudis <argp@bsd.gr>
Submitted by Patroklos Argyroudis <argp@bsd.gr>.
ctrace is an IPv4 traceroute tool that supports many features missing
in standard 4.3BSD traceroute(8). It is programmed entirely in perl.
The more traditional traceroute(8) sends out either UDP or ICMP ECHO
packets with a TTL of one, and increments the TTL until the destination
has been reached. By printing the gateways that generate ICMP time
exceeded messages along the way, it is able to determine the path
packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern
Internet, many of the packets that traceroute(8) sends out end up being
filtered, making it impossible to completely trace the path to the
destination. However, in many cases, these firewalls will permit inbound
TCP packets to specific ports that hosts sitting behind the firewall are
listening for connections on. By sending out TCP SYN packets instead of
UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common
firewall filters.
rain is a powerful tool for testing the stability of hardware and
software utilizing IP protocols. It offers its users the
capability of creating their own packets with a wide variety
of command line options.
WWW: http://www.tenebrous.com/rain/
MAINTAINER= Joshua Stein <jcs@rt.fm>
--
Cisco's TACACS+ Server
TACACS+ is used for authentication, authorization, and accounting
on Cisco routers. This daemon provides a server for TACACS+ routers.
WWW: http://www.gazi.edu.tr/tacacs/
MAINTAINER= Jeff Bachtel <jeff@cepheid.org>
+ lots of additional mods
+ pvalchev@ helped
+ lebel@ reviewed
From Changelog:
* added new IP defragmenter, spp_frag2
* added new stateful inspection/tcp stream reassembly plugin, spp_stream4
* Snort can now statefully detect ECN traffic (less false alarms)
* stream4 can now keep session statistics in a "session.log" file
* added new high-speed unified binary output system, spo_unified
* added new data structs/management for tag code
* added -k switch to tune checksum verification behavior
* added -z switch to provide stateful verification of alerts
* modified behavior of http_decode, now only alerts once per packet
* added unique Snort ID's to every Snort rule, plus generator, revision
and event ID info to each alert
* detection engine only alerts once per packet now, tcp stream code doesn't
generate another alert packet if a previous one already alerted for that
stream
* fixed signal handling on svr4 systems
* added enhanced cross reference printout to full/fast/syslog alert modes
* added new high speed checksum verification (on x86) routines
* added new ARP spoof detection preprocessor from Jeff
Nathan <jeff@wwti.com>
* * *
Xprobe is a tool automating the X logic.
X is a logic developed from the various Active Operating System
Fingerprinting methods discovered during the "ICMP Usage In
Scanning" research project.
http://www.sys-security.com/