Submitted by Brian Caswell <bmc@mitre.org>.
ndiff compares two nmap scans and outputs the differences. It
allows monitoring of your network(s) for interesting changes in
port states and visible hosts.
Ethereal 0.8.15 has one of the biggest GUI changes in recent history;
display filters can now be constructed via an easy-to-use point-and-click
interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25
over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC,
Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation
Layer. Many other dissectors and core features were improved, and bugs
were squashed. The wiretap library can now read Sniffer Frame Relay files.
Capturing supports the "any" pseudo-device on Linux if you use libpcap 0.6
from www.tcpdump.org.
probes/attacks. Courtney receives input from tcpdump counting the
number of new services a machine originates within a certain time
window. If one machine connects to numerous services within that
time window, courtney identifies that machine as a potential SATAN
host.
Submitted by: Brian Caswell <bmc@mitre.org>
- update to 1.03
Major changes:
* dnscache drops old UDP queries in favor of new ones, and drops old
TCP connections in favor of new ones.
* dnscache supports $FORWARDONLY to forward queries to another cache.
The other cache is listed in root/servers/@.
* dnscache returns TTLs by default, so it can be used as the target
of forwarding.
* dnstrace | dnstracesort produces output that's very easy to scan.
Try dnstrace a www.netscape.com 198.41.0.4 | dnstracesort | less.
- allow concurrent builds.
- respect CFLAGS.
- no need to set ALL_TARGET or WRKDIST.
- do not override install target, use post-install.
- mkdir -> INSTALL_DATA_DIR.
Submitted by Vladimir Popov <pva48@mail.ru>.
WMnet polls network statistics and does a few things with the data it gets.
It has small blinking lights for the rx and tx of IP packets, a digital
speedometer of your polled stat's current speed and a bar graph like xload
et. al which has a tx speed graph from bottom-up and rx speed graph from
the top-down.
interface, but 80-90% of the code isn't text mode specific, so other UIs could
be created pretty easily. Also, Irssi isn't really even IRC specific anymore,
there's already a working SILC module available. Support for other protocols
like ICQ could be created some day too.
within the resolver code makes it possible to overwrite stack
variables by generating a malformed DNS packet. This problem makes
it possible to create a situation where a malicious user may be
able to execute code remotely with the UID and GID of the BitchX
client. It is necessary for an attacker to control their own DNS
to exploit this bug.
--
Besides the new dissectors (WAP, SIP, AIM/OSCAR, GIOP 1.2, 802.11)
and updates to many many dissectors, an exploit for a buffer overrun
in the AFS dissector has been patched. Please upgrade to 0.8.14 as soon
as possible to guard against this exploit, which was announced
this weekend in BugTraq.
- works around Bash bug
- dnscache-conf now wants dnsroots from /etc, instead of /usr/local/etc.
sigh.
Work around this by instructing user to copy dnsroots.global from
PREFIX/share/dnscache to /etc in pkg/MESSAGE.
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.
--
New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were
re-written, and many other dissectors were updated and improved.
The wiretap library enables Ethereal to read Nokia-firewall tcpdump
files, Shomiti Surveyor 3.x files, pppd log files (pppdump format),
and NetXRay ATM files.
