- Serious bug resulting in random transfer() hangs fixed.
- Separate file descriptors are used for inetd mode.
- -f (foreground) logs are now stamped with time.
- New ./configure option: --with-tcp-wrappers by Brian Hatch.
- pop3 protocol client support (-n pop3) by Martin Germann.
- nntp protocol client support (-n nntp) by Martin Germann.
- RFC 2487 (smtp STARTTLS) client mode support.
- Transparency support for Tru64 added.
- Some #includes for AIX added.
--
hlfl (High Level Firewall Language) permits writing firewall rulesets
using its high level language, and transforms them into rules for
real software, including IPFilter, ipchains, Netfilter and Cisco IOS.
hlfl attempts to make the best use of the features of the underlying
firewall, such that a conversion from stateless to stateful requires
no modification to the original script.
hlfl was initiated by Renaud Deraison, co-founder of the Nessus
Project.
WWW: http://www.hlfl.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
--
Encrypt/decrypt stdin using the Advanced Encryption Standard winner
"Rijndael" encryption algorithm in Cipher Block Feedback (stream)
mode. Uses /dev/urandom to create a salt. Prepends the output stream
with salt when encrypting, strips it off when decrypting.
WWW: http://aescrypt.sourceforge.net/
--
Corkscrew is a tool for tunneling SSH through HTTP proxies.
Corkscrew has been tested against the Gauntlet, CacheFlow, and
JunkBuster proxies.
WWW: http://www.agroman.net/corkscrew/
Submitted by Jason Peel <jsyn@nthought.com>
that can be played with ordinary sound players. The phone conversation can
either be played directly from the network or from a tcpdump output file.
Vomit is also capable of inserting wavefiles into ongoing telephone
conversations. Vomit can be used as a network debugging tool, a speaker
phone, etc ...
vomit is written by Niels Provos and the port created by Jason Peel.
--
The Siphon Project is a portable passive network mapping suite. In
the latest public version, Siphon passively maps TCP ports and
performs passive operating system detection. Through the magic of
RFC ambiguity and programmer uniqueness, different machines exhibit
telltale characteristics that enable Siphon to make a fairly accurate
guess at what operating system is running on machines sending packets
out over the wire. The beauty of this method is that our tool does
not need to send out a slew of non-RFC compliant packets that trip
intrusion detection systems. In fact, we send out no packets at
all. Whereas nmap crashes some machines and network hardware when
performing its active OS detection tests, Siphon would never crash
remote machines. Siphon is available for UNIX and Win32.
WWW: http://www.gravitino.net/projects/siphon/
Submitted by Jason Peel <jsyn@nthought.com>
--
The Sentinel project is designed to be a portable, accurate
implementation of all publicly known promiscuous detection
techniques.
These include:
DNS Test - Etherping Test - ARP Test - ICMP Ping Latency Test
--
AIDE (Advanced Intrusion Detection Environment) is a free replacement
for Tripwire. It does the same things as the semi-free Tripwire and
more.
What does it do?
It creates a database from the regular expression rules that it
finds from the config file. Once this database is initialized it
can be used to verify the integrity of the files. It has several
message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that
are used to check the integrity of the file. More algorithms can
be added with relative ease. All of the usual file attributes can
also be checked for inconsistencies. It can read databases from
older or newer versions. See the manual pages within the distribution
for further info. There is also a beginning of a manual.
WWW: http://www.cs.tut.fi/~rammer/aide.html
*) Fixed a format string bug which is exploitable if --batch is not used.
*) Checked all translations for format strings bugs.
*) Removed the Russian translation due to too many bugs.
*) Fixed keyserver access and expire time calculation.
ok maintainer
