Submitted by Wangden Kelsang <wngdn@src.uchicago.edu>.
Nslint reads the (BIND) nameserver configuration files and performs
a number of consistency checks on the DNS records. Nslint is known
to work with BIND versions 4, 8, and 9.
This port had no real name associated with the listed address. When
trying to reach this person, the mail bounces. It also appears from
the logs that this person hasn't been maintaining this.
Sirc is an Internet Relay Chat programmable client written in
perl and C. It has a main perl script that can be run in 'dumb'
mode, standalone, and a separate split-screen front end in C,
called ssfe.
Sing is a little tool that sends ICMP packets fully customized from
command line. The main purpose is to replace/complement the niceful
ping command with certain enhancements such as:
o Send fragmented packets.
o Send monster packets > 65534.
o Send/read spoofed packets.
o Send many ICMP Information types in addition to the ECHO REQUEST
type sent by default as Address Mask Request, Timestamp, Information
Request, Router Solicitation and Router Advertisement.
o Send many ICMP error types: Redirect, Source Quench, Time Exceeded,
Destination Unreach and Parameter Problem.
o Send to host with Loose or Strict Source Routing.
o Use little fingerprinting techniques to discover Window$ or Solaris
boxes.
o Send ICMP packets emulating certain OS: Cisco, Solaris, Linux, Shiva,
Unix and Window$ at the moment.
Angst provides methods for aggressive sniffing on switched
local area network environments.
It dumps the payload of all the TCP packets received on the
specified ports. Moreover, it implements methods for active
sniffing. Angst currently provides two active sniffing methods.
The first monitors ARP requests, and after enabling IP
forwarding on the local host, sends ARP replies mapping all IPs
to the local MAC address. The second method floods the local
network with random MAC addresses (like macof v1.1 by Ian Vitek),
causing switches to send packets to all ports. Made just for
testing purposes and fun. If you compile it on any other
platform except the ones listed below, please contact me at the
above email address. As always, published under a BSD style
license, see the included LICENSE file.
Changes: This version responds differently to *-class queries, and
to AXFR requests, to placate a few broken clients. The servers now
log ``starting'' messages.
--
tcpstat reports certain network interface statistics much like
vmstat does for system statistics. tcpstat gets its information by
either monitoring a specific interface, or by reading previously
saved tcpdump data from a file.
Major changes:
* tinydns automatically returns a random set of 8 addresses, in a
random order, from a cluster of any size.
* tinydns supports client differentiation. There's no longer any
reason to use pickdns.
* dnstracesort prints glue information. This reveals all sorts of
interesting inconsistencies.
--
BIND 9.1.0 has been released. Compared to BIND 9.0, BIND 9.1 has a
number of new features as well as numerous bug fixes and cleanups.
The new features include:
- Many BIND 8 features previously unimplemented in BIND 9,
including domain-specific forwarding, the $GENERATE
master file directive, and the "blackhole", "dialup",
and "sortlist" options
- Forwarding of dynamic update requests; this is enabled
by the "allow-update-forwarding" option
- A new, simplified database interface and a number of
sample drivers based on it; see doc/misc/sdb for details
- Support for building single-threaded servers for
environments that do not supply POSIX threads
- New configuration options: "min-refresh-time",
"max-refresh-time", "min-retry-time", "max-retry-time",
"additional-from-auth", "additional-from-cache",
"notify explicit"
- Faster lookups, particularly in large zones.
Submitted by Brian Caswell <bmc@mitre.org>.
ndiff compares two nmap scans and outputs the differences. It
allows monitoring of your network(s) for interesting changes in
port states and visible hosts.
Ethereal 0.8.15 has one of the biggest GUI changes in recent history;
display filters can now be constructed via an easy-to-use point-and-click
interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25
over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC,
Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation
Layer. Many other dissectors and core features were improved, and bugs
were squashed. The wiretap library can now read Sniffer Frame Relay files.
Capturing supports the "any" pseudo-device on Linux if you use libpcap 0.6
from www.tcpdump.org.
probes/attacks. Courtney receives input from tcpdump counting the
number of new services a machine originates within a certain time
window. If one machine connects to numerous services within that
time window, courtney identifies that machine as a potential SATAN
host.
Submitted by: Brian Caswell <bmc@mitre.org>
- update to 1.03
Major changes:
* dnscache drops old UDP queries in favor of new ones, and drops old
TCP connections in favor of new ones.
* dnscache supports $FORWARDONLY to forward queries to another cache.
The other cache is listed in root/servers/@.
* dnscache returns TTLs by default, so it can be used as the target
of forwarding.
* dnstrace | dnstracesort produces output that's very easy to scan.
Try dnstrace a www.netscape.com 198.41.0.4 | dnstracesort | less.
- allow concurrent builds.
- respect CFLAGS.
- no need to set ALL_TARGET or WRKDIST.
- do not override install target, use post-install.
- mkdir -> INSTALL_DATA_DIR.
Submitted by Vladimir Popov <pva48@mail.ru>.
WMnet polls network statistics and does a few things with the data it gets.
It has small blinking lights for the rx and tx of IP packets, a digital
speedometer of your polled stat's current speed and a bar graph like xload
et al. which has a tx speed graph from bottom-up and rx speed graph from
the top-down.
interface, but 80-90% of the code isn't text mode specific, so other UIs could
be created pretty easily. Also, Irssi isn't really even IRC specific anymore,
there's already a working SILC module available. Support for other protocols
like ICQ could be created some day too.
within the resolver code makes it possible to overwrite stack
variables by generating a malformed DNS packet. This problem makes
it possible to create a situation where a malicious user may be
able to execute code remotely with the UID and GID of the BitchX
client. It is necessary for an attacker to control their own DNS
to exploit this bug.
--
Besides the new dissectors (WAP, SIP, AIM/OSCAR, GIOP 1.2, 802.11)
and updates to many many dissectors, an exploit for a buffer overrun
in the AFS dissector has been patched. Please upgrade to 0.8.14 as soon
as possible to guard against this exploit, which was announced
this weekend in BugTraq.
- works around Bash bug
- dnscache-conf now wants dnsroots from /etc, instead of /usr/local/etc.
sigh.
Work around this by instructing user to copy dnsroots.global from
PREFIX/share/dnscache to /etc in pkg/MESSAGE.
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
provided with the appropriate keying material, it will also decrypt
the connections and display the application data traffic.
--
New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were
re-written, and many other dissectors were updated and improved.
The wiretap library enables Ethereal to read Nokia-firewall tcpdump
files, Shomiti Surveyor 3.x files, pppd log files (pppdump format),
and NetXRay ATM files.
- remove FAKE
- add RCS ids to patches and PLIST
- add arp.dat to PLIST
- do not install rc.arpwatch in /etc
- add patch to make arpwatch work on interfaces without IP
- remove Makefile.in patch and use do-install to use the
macros and make upgrading the port easier
- bump NEED_VERSION, add real name to MAINTAINER
ok angelos@ (maintainer)