0.6.4 20020212
+ You can sniff remote traffic from a remote cisco router
and make mitm attacks on it using GRE tunnels.
+ Added some bits for the passive OS fingerprint database.
Now even the length of the packet makes sense.
+ The sniffing interface now supports JOINED view
+ NEW PLUGIN :
- thief (dumps all files from HTTP)
- zaratan (redirect GRE tunnels)
+ ICQ dissector now searches for passwords on all ports
+ Updated the passive OS fingerprint database (675 records)
+ Changed the arg 2 of Plugin_HookPoint for PCK_RECEIVED_RAW
!! Under OpenBSD the pflog interface is ignored
!! Fixed the DATA_PATH issue in the phantom plugin
!! Fixed an unsigned short in state_machine
!! Fixed some plugins that don't recognize the 'yes' answer
!! Fixed the plugins symbol problem on Mac OS X (strip -x)
!! Fixed the possibility of remote exploitation on interface with MTU > 1500
From ChangeLog:
Some bugs have been fixed.
o use trio library if system's printf is broken with %lld.
o fixed single quote escaping in several places.
o fixed coredump if service is unknown.
o fixed keep-alive for http/1.1.
o fixed uploading in ssl enabled ftp when data connection is protected.
o don't send AUTH TLS to ftp proxy.
o fixed fish protocol module.
to include capture, name resolution, and window geometry settings. It is
now possible to search for all fields in GIOP messages. You can now build
display filters on the fly by right-clicking on tree view items.
Additionally, protocol hierarchy statistics display and MacOS X capture
timeout bugs have been fixed.
The idl2eth utility now handles CORBA IDL recursive unions and structs and
the text2pcap utility also received updates, including SCTP support.
New dissectors include DHCPv6, DLSw, IAPP, SCSI, SPOOLSS RPC, SliMP3, and
TSP. Dissectors receiving updates include AFS, AIM, Auto-RP, BGP, BOOTP,
DCE RPC, DIAMETER, FDDI, GTP, H.261, HMIPv6, IS-IS, iSCSI, ISUP, LDAP,
M3UA, MIP, MMSE, MTP3, NBNS, NCP, NDMP, NFS, ONC RPC, PIM, PPP, PPP,
Q.931, RPC, RSVP, RTCP, SCTP, SDP, SIP, SMB/CIFS, SSL, STAT, Syslog, TCP,
TNS, VJ, WTP, and ypbind.
Support for WildPackets' AiroPeek and OpenBSD pflog capture file formats
has been added (you can read pflog data from a file, or directly from the
logging interface). Support for the DBS Etherwatch, EtherPeek, NetMon,
and VMS TCPIPtrace formats has been enhanced.
DCTC is a Direct Connect clone, allowing users to share their files
and talk (like IRC but more software sharing oriented) using a
proprietary protocol.
Dnstracer determines where a given Domain Name Server (DNS) gets
its information from, and follows the chain of DNS servers back to
the servers which know the data.
Its behaviour is similar to ntptrace(8), which does it for the
NTP protocol.
silc-client is a client for the SILC (Secure Internet Live Conferencing)
protocol. SILC (Secure Internet Live Conferencing) is a protocol
which provides secure conferencing services in the Internet over an
insecure channel.
Security Fixed : A vulnerability was discovered that may allow
people to send data to the ircd on your behalf. With default
settings, 1.8.x is NOT vulnerable. An easy fix is:
/set percascii 0
Reported by : Marcin Dobrucki <siili@nixu.com>
---
python module to handle IPv4 and IPv6 addresses
IPy is a module for handling IPv4 and IPv6 Addresses and Networks
in a fashion similar to perl's Net::IP and friends. The IP class
allows a comfortable parsing and handling for most notations in use
for IPv4 and IPv6 Addresses and Networks.
WWW: http://c0re.jp:80/c0de/IPy/
python interface to cURL library
---
PycURL is a Python module that interfaces with the cURL library. By
using this module, you can fetch documents identified by a URI from
within a Python program.
WWW: http://pycurl.sf.net/
--
Several new features have been added, including TCP graphs and ring buffer
captures. The SMB dissector was completely rewritten and many enhancements
were made to the user interface. The text2pcap utility can now handle a
broader range of input data formats. The developer documentation also
received many updates. Bug fixes include a workaround for an SNMP bug
present in several Linux distributions.
Many dissectors were enhanced. Support for the following protocols was
added:
EAPOL
M2TP
MS RPC
MTP2
PCNFSD
PPP/EAPOL
QLLC
SMPP
SUA
Support for DBS Etherwatch, Visual Networks Visual UpTime, and VMS
TCPIPtrace capture files was added. Ascend/Lucent debug Etherpeek,
iptrace and MS Netmon capture file support was enhanced.
take maintainership, fgs ok
- make icq icons default
- allow ickle to build with an existing copy of libicq2000 installed
Changes include:
o Support for direct connections, dealing with authorization
requests/responses, fetching away messages
o Support for character set translation
o Bugfixes, portability fixes
o New settings - autologin, autoraise, autopopup, autoclose messagebox,
logging, font selection, network.
* check return of RAND_file_name better; allows ntp-genkeys to continue
if a seed file is not found.
* regen configure patch
* quote package comments
* files/md5 -> distinfo
This release adds a very important improvement. ICQ communications were
moved to the library of ickle client, written by Barnaby Gray
<barnaby@beedesign.co.uk>. Since the library supports the icq2000
protocol, this version of centericq doesn't lose messages unlike previous
ones. Also it's now possible to send SMSes. Though, the library is not
complete yet, so features such as finding users, updating details,
sending contacts and files are now gone. Temporary.
--
Pure-FTPd is a fast, production-quality, standard-conformant FTP server,
based upon Troll-FTPd.
Unlike other popular FTP servers, it's designed to be secure in default
configuration, has no known buffer overflow, it is really trivial to set
up and it is especially designed for modern kernels.
Features include chroot()ed home directories, virtual domains, built-in
'ls', anti-warez system, bounded ports for passive downloads, FXP
protocol, bandwidth throttling, ratios, LDAP, customizable SQL, fortune
files, Apache-like log files, fast standalone mode, text / HTML / XML
real-time status report, virtual users, virtual quotas and more.
From ChangeLog:
- fixed rm and rmdir
- fixed listing parser in Fish protocol, now it extracts all information.
- force LC_NUMERIC to C, this fixes floating point settings initialization.
- fixed assertion failure when setting ftp proxy after establishing connection
to an ftp server.
- fixed a memory leak and some other bugs in cls (Glenn Maynard).
From ChangeLog:
- Fixed crash in frag2 under Linux
- Fixed flexresp code, session sniping should work again and be
faster to boot
- Fixed ICMP decoder and printout routines for new ICMP header
data structs in decode.h
- Added -B command line switch to translate IP addresses in pcap
files from one subnet to another (see the man page).
- Added spo_log_null to give users an option to deactivate logging
output from the snort.conf file.
vICQ is a simple text-mode ICQ client written with look and feel of
micq in mind. Its features: PERL source code suitable for hacking
and scripting, text-only look & feel, and ICQ v7 protocol support.
Net::ICQ2000 module is designed to give perl scripts access to the
ICQ network and the functions provided by it, like SMS.
Note that once vicq is stable, I'll import it.
As Mirabilis servers have problems w/ v7 protocol, all the Unix ICQ
clients work very unstable nowadays - some messages never arrive, or
get delivered over an incredible amount of time, etc. Until there is
a good free library for icq2000 protocol, the centericq author
implemented other IM protocols in the client. With this version, Yahoo
and MSN protocol support are introduced.
--
ipband is a pcap based IP traffic monitor. It tallies per-subnet traffic
and bandwidth usage and starts detailed logging if specified threshold
for the specific subnet is exceeded. If traffic has been high for a
certain period of time, the report for that subnet is generated which
can be appended to a file or e-mailed. When bandwidth usage drops below
the threshold, detailed logging for the subnet is stopped and memory is
freed.
This utility could be handy in a limited bandwidth WAN environment
(frame relay, ISDN etc. circuits) to pinpoint offending traffic source
if certain links become saturated to the point where legitimate packets
start getting dropped.
It also can be used to monitor internet connection when specifying the
range of local ip addresses (to avoid firing reports about non-local
networks).
WWW: http://ipband.sourceforge.net/
Submitted by Vincent Derrien <hyzzod@free.fr>
- Support for decrypting resumed sessions.
- Fixed a core dump under certain RST conditions.
- Support for an arbitrary number of connections (previous versions had a hard limit).
- Better error reporting when you provide a bad password.
- Some performance fixes.
- Other bug fixes.
- Bugfixes, optimizations and a few new features; see
http://gtk-gnutella.sourceforge.net/changelog/ for details
o Install README and manual page from debian
o Clean up DESCR
o This is not an audio-related port
o The port uses X11
o The port can build concurrently
Ok lebel@
Enhancements were made to many dissectors. In particular, the SMB, DCE
RPC, PPP, and GIOP dissectors had major updates.
New dissectors include:
CosEventComm
Quake 3 Arena
GMRP
GTP
HMIPv6
OSPFv3
MMSE
UCP
Skinny Client Control Protocol
The Chatbot::Eliza module implements the classic Eliza algorithm.
The original Eliza program was written by Joseph Weizenbaum and described
in the Communications of the ACM in 1967. Eliza is a mock Rogerian
psychotherapist. It prompts for user input, and uses a simple
transformation algorithm to change user input into a follow-up question.