--
Zebedee is a simple program to establish an encrypted, compressed TCP or
UDP tunnel between two systems. This allows traffic such as telnet, ftp,
VNC, and X to be protected from snooping as well as potentially gaining
performance over low-bandwidth networks from compression.
WWW: http://www.winton.org.uk/zebedee/
Submitted by Jon Leonard <jleonard@iss.net>
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system.
Captured packets contains enough information to determine OS - and,
unlike active scanners (nmap, queSO) - without sending anything to
this host.
---
IO::Socket::SSL is a class implementing an object oriented interface
to SSL sockets. The class is a descendent of IO::Socket::INET and
provides a subset of the base class's interface methods as well as
SSL specific methods.
either support more than one protocol to attack or support parallized
connects.
Currently this tool supports TELNET, FTP, POP3, IMAP, HTTP Basic and Cisco
authentication only, however the module engine for new services is very easy
so it won't take a long time until more services are supported.
---
Python OpenSSL Wrappers(POW) is a set of comprehensive wrappers for
Python of the OpenSSL libraries. POW will provide a 'slim' interface
which will still enable Python developers to fully utilize OpenSSL.
WWW: http://pow.sourceforge.net
the 1.0.4 release and because the problem was later fixed in 1.0.5 (and
later versions). Here is a quote from the NEWS file about this issue:
--cut--
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores signed
material given on stdin unless this is requested by using a "-" as the
name for the file with the signed material. Please check all your
detached signature handling applications and make sure that they don't
pipe the signed material to stdin without using a filename together with
"-" on the the command line.
--cut--
The patch introduce a problem in the way verifying a signature returned
a value of 2 instead of 0 (when the signature was properly verified).
The symptom showed itself in mutt for example.
This problem was found by Anders Arnholm <anders@arnholm.nu>
markus@ asked me to commit this.
---
GnuPGInterface is a Python module to interface with GnuPG. It
concentrates on interacting with GnuPG via filehandles, providing
access to control GnuPG via versatile and extensible means.
- setsockopt() optlen set according to the optval for Solaris.
- Minor NetBSD compatibility fixes by Martti Kuparinen.
- Minor MSVC6 compatibility fixes by Patrick Mayweg.
- SSL close_notify timeout reduced to 10 seconds of inactivity.
- Socket close instead of reset on close_notify timeout.
- Some source arrangement and minor bugfixes.
- Critical section added around non MT-safe TCP Wrappers code.
- Problem with "select: Interrupted system call" error fixed.
- errno replaced with get_last_socket_error() for Win32.
- Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
- Local mode process pid logged.
- Default FQDN (localhost) removed from stunnel.cnf
- ./configure changed to recognize POSIX threads library on OSF.
- New -O option to set socket options.
--
APG (Automated Password Generator) is the tool set for random
password generation. It features: a built-in ANSI X9.17 RNG (Random
Number Generator)(CAST/SHA1), two methods for password generation:
FIPS 181 and truly random, configurable lengths and numbers of
passwords. Two components are supported, a network daemon (apgd)
and a command line client (apg). The command line tool does not
require the network daemon.
WWW: http://www.adel.nursat.kz/apg/
MAINTAINER= Jose Nazario <jose@crimelabs.net>
ok pvalchev@
was found that there was a trojaned version of aide floating there.
However, our checksum checking would have found the difference, but
I prefer to play it safe and remove that obviously unsecure host from
the Aide's MASTER_SITES (they should use OpenBSD :)).
Thanks to Heikki Korpela <heko@iki.fi> for bringing this to me.
- MAX_CLIENTS is calculated based on FD_SETSIZE, now.
- Problems with closing SSL in transfer() fixed.
- -I option to bind a static local IP address added.
- Debug output of info_callback redesigned.
Maintainer : COUDERC Damien <couderc.damien@wanadoo.fr>
---
GnuPG Made Easy (GPGME) is a library designed to make access to
GnuPG easier for applications.
It provides a High-Level Crypto API for encryption, decryption,
signing, signature verification and key management. Currently it
uses GnuPG as it's backend but the API isn't restricted to this
engine; in fact it is planned to add other backends to it.
--
Chrootuid makes it easy to run network services at a low privilege
level and with restricted file system access. This utility employs
both chroot and su to confine users to specified areas by assigning
appropriate userids.
Chrootuid was written by Wietse Venema; this port includes Phil
Pennock's initgroups patch.
WWW: http://www.porcupine.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
An initial port skeleton was donated by the farmer who uses BSD.
o transposition.grid-controls added (rectangular grid transposition
ciphers)
o steganalysis.word-gaps added (hidden cipher breaker)
o Various cosmetic changes
o Made source pane editable updating view pane dynamically. Got rid of
old "edit source" option.
o Moved hillclimb-cracker's progress bar onto widget display
o Description area in plugin-viewer
o Plugins share variables by not using 'static'
o New plugin->menu_string and menu items
o Added optional source pane to make the source/view idea more obvious
- Some transfer() bugfixes/improvements.
- STDIN/STDOUT are no logner assumed to be non-socket decriptors.
- Problem with --with-tcp-wrappers patch fixed.
- pop3 and nntp support bug fixed by Martin Germann.
- -o option to append log messages to a file added.
- Changed error message for SSL error 0.
- Serious bug resulting in random transfer() hangs fixed.
- Separate file descriptors are used for inetd mode.
- -f (foreground) logs are now stamped with time.
- New ./configure option: --with-tcp-wrappers by Brian Hatch.
- pop3 protocol client support (-n pop3) by Martin Germann.
- nntp protocol client support (-n nntp) by Martin Germann.
- RFC 2487 (smtp STARTTLS) client mode support.
- Transparency support for Tru64 added.
- Some #includes for AIX added.
--
hlfl (High Level Firewall Language) permits writing firewall rulesets
using its high level language, and transforms them into rules for
real software, including IPFilter, ipchains, Netfilter and Cisco IOS.
hlfl attempts to make the best use of the features of the underlying
firewall, such that a conversion from stateless to stateful requires
no modification to the original script.
hlfl was initiated by Renaud Deraison, co-founder of the Nessus
Project.
WWW: http://www.hlfl.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
--
Encrypt/decrypt stdin using the Advanced Encryption Standard winner
"Rijndael" encryption algorithm in Cipher Block Feedback (stream)
mode. Uses /dev/urandom to create a salt. Prepends the output stream
with salt when encrypting, strips it off when decrypting.
WWW: http://aescrypt.sourceforge.net/
--
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Corkscrew has been tested against the Gauntlet, CacheFlow, and
JunkBuster proxies.
WWW: http://www.agroman.net/corkscrew/
Submitted by Jason Peel <jsyn@nthought.com>
that can be played with ordinary sound players. The phone conversation can
either be played directly from the network or from a tcpdump output file.
Vomit is also capable of inserting wavefiles into ongoing telephone
conversations. Vomit can be used as a network debugging tool, a speaker
phone, etc ...
vomit is written by Niels Provos and the port created by Jason Peel.
--
The Siphon Project is a portable passive network mapping suite. In
the latest public version, Siphon passively maps TCP ports and
performs passive operating system detection. Through the magic of
RFC ambiguity and programmer uniqueness, different machines exhibit
telltale characteristics that enable Siphon to make a fairly accurate
guess at what operating system is running on machines sending packets
out over the wire. The beauty of this method is that our tool does
not need to send out a slew of non-RFC compliant packets that trip
intrusion detection systems. In fact, we send out no packets at
all. Whereas nmap crashes some machines and network hardware when
performing its active OS detection tests, Siphon would never crash
remote machines. Siphon is available for UNIX and Win32.
WWW: http://www.gravitino.net/projects/siphon/
Submitted by Jason Peel <jsyn@nthought.com>
--
The Sentinel project is designed to be a portable, accurate
implementation of all publicly known promiscuous detection
techniques.
These include:
DNS Test - Etherping Test - ARP Test - ICMP Ping Latency Test
--
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
What does it do?
It creates a database from the regular expression rules that it
finds from the config file. Once this database is initialized it
can be used to verify the integrity of the files. It has several
message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that
are used to check the integrity of the file. More algorithms can
be added with relative ease. All of the usual file attributes can
also be checked for inconsistencies. It can read databases from
older or newer versions. See the manual pages within the distribution
for further info. There is also a beginning of a manual.
WWW: http://www.cs.tut.fi/~rammer/aide.html
*) Fixed a format string bug which is exploitable if --batch is not used.
*) Checked all translations for format strings bugs.
*) Removed the Russian translation due to too many bugs.
*) Fixed keyserver access and expire time calculation.
ok maintainer
---
This module offers some high level convenience functions for accessing
web pages on SSL servers, a sslcat() function for writing your own
clients, and finally access to the SSL api of SSLeay package so you can
write servers or clients for more complicated applications.
an object-oriented method for interacting with GnuPG, being able
to perform functions such as but not limited to encrypting, signing,
decryption, verification, and key-listing parsing.
shared memory coprocess interface that gpg provides for its wrappers.
It tries its best to map the interactive interface of the gpg to a
more programmatic model.
patch from:
Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
# http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff
# http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff.asc
It introduces additional consistency checks, as suggested by the
authors of the paper. The checks are slightly different, but they
make the two additional attacks infeasible, I think. In the future,
it might be a good idea to add a check the generated signature for
validity, this will detect bugs in the MPI implementation which could
result in a revealed secret key, too.
ok markus@
This is Crypt::CBC, a Perl-only implementation of the cryptographic
cipher block chaining mode (CBC). In combination with a block cipher
such as Crypt::DES or Crypt::IDEA, you can encrypt and decrypt messages
of arbitrarily long length.
--
This release fixes a bug in pid creation. If a user specified -P /dirname
instead of -P /dirname/ stunnel would assume that it's a file, delete it and
create a new one. Now stunnel makes sure if it's really a file.
Based on a tarball from Shell Hung <i@shellhung.org>
--
This module sprung out of a need to do one thing and one thing only,
do it securely, and do it well. This module creates and checks
detached signatures for data. That's it. If you want to do anything
else that PGP lets you do, look elsewhere.
