lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.61.0701072014550.4365@yvahk01.tjqt.qr>
Date:	Sun, 7 Jan 2007 20:55:31 +0100 (MET)
From:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Netfilter Mailing List <netfilter@...ts.netfilter.org>,
	nmap-dev@...ecure.org
Subject: [announce] chaostables 0.4

[Not sure if netfilter/nmap-dev bounce when you are not subscribed, 
remove if in doubt.]


Hello lists,


chaostables 0.4 has been released. This is a package containing some 
netfilter modules to work against nmap and port scans. 'portscan' can 
match on stealth, syn, connect scans, also finds FIN-connect scans and 
simple banner grabbing. 'DELUDE' works like TARPIT, making it look like 
the port is open, but actually does not hold the connection like TARPIT, 
hence should not fill up conntrack. 'CHAOS' will deliver what it says: 
slows down nmap scans[1] and provides back bogus non-deterministic 
replies -- the more even with DELUDE/TARPIT.

For Linux 2.6.18, .19, .20, iptables 1.3.6, 1.3.7. CHAOS 
currently requires TARPIT during build and runtime.

'portscan' and 'CHAOS' can also be synthesized by rule logic "only"[2], 
giving way to possibly implement it on BSD ipf* too. Details in 
doc/fw.html.

Suggestions for improvement are welcome.
Please discuss the usefulness and let me
hear [LKML] any objections for inclusion in Linux mainline too.

	http://freshmeat.net/releases/244538/ - this release
	http://freshmeat.net/p/chaostables/   - generally


Thanks,
Jan


[1] nmap 3.81 timings have been done back in 2005, but things have 
changed a little since 4.x. Redoing the timing benchmarks is already on 
TODO.

[2] Requires: connmark && CONNMARK &&
              (conntrack || state) &&
              (random || nth || statistic || hashlimit)
    or equivalent. Depends on how you implement it.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ