On 1/3/2015 7:41 AM, Tom Eastep wrote:
> Beta 2 is now available for testing.
>
> Problems Corrected since Beta 1:
>
> 1) The -c option to the 'dump' and 'show routing' commands is now documented.
>
> 2) The syntax of the 'show' command has been corrected in four manpages.
>
> New Features since Beta 1:
>
> 1) The 'TARPIT' target is now supported in the rules file. Using this target requires the appropriate support in your kernel and iptables. This feature implements a new "TARPIT Target" capability, so if you use a capabilities file, then you need to regenerate the file after installing this release.
>
> TARPIT captures and holds incoming TCP connections using no local per-connection resources.
>
> TARPIT only works with the PROTO column set to tcp (6), and is totally application agnostic. This module will answer a TCP request and play along like a listening server, but aside from sending an ACK or RST, no data is sent. Incoming packets are ignored and dropped. The attacker will terminate the session eventually. This module allows the initial packets of an attack to be captured by other software for inspection. In most cases this is sufficient to determine the nature of the attack.
>
> This offers similar functionality to LaBrea <http://www.hackbusters.net/LaBrea/> but does not require dedicated hardware or IPs. Any TCP port that you would normally DROP or REJECT can instead become a tarpit.
>
> The target accepts a single optional parameter:
>
> tarpit (default)
>
> This mode completes a connection with the attacker but limits the window size to 0, thus keeping the attacker waiting long periods of time. While he is maintaining state of the connection and trying to continue every 60-240 seconds, we keep none, so it is very lightweight. Attempts to close the connection are ignored, forcing the remote side to time out the connection in 12-24 minutes.
>
> honeypot
>
> This mode completes a connection with the attacker, but signals a normal window size, so that the remote side will attempt to send data, often with some very nasty exploit attempts. We can capture these packets for decoding and further analysis. The module does not send any data, so if the remote expects an application level response, the game is up.
>
> reset
>
> This mode is handy because we can send an inline RST (reset). It has no other function.
>
> Thank you for testing,
There is a silly bug in Beta 2 -- patch attached.

-Tom

--
Tom Eastep          \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA       \ all of the passengers in his car
http://shorewall.net   \________________________________________________
diff --git a/Shorewall/Perl/lib.core b/Shorewall/Perl/lib.core
index 3b5dd18..bea71d9 100644
--- a/Shorewall/Perl/lib.core
+++ b/Shorewall/Perl/lib.core
@@ -652,7 +652,7 @@ interface_is_usable() # $1 = interface
local status;
status=0
- if ! loopback_interface $1 then
+ if ! loopback_interface $1; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)"
!= 0.0.0.0 ]; then
[ "$COMMAND" = enable ] || run_isusable_exit $1
status=$?
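Review bot: the `-` line is missing the `;` between `loopback_interface $1` and `then`, so the shell passes `then` as a second argument to `loopback_interface` and the enclosing `if` never receives its `then` keyword, which makes the whole library fail to parse; the `+` line `if ! loopback_interface $1; then` is the correct fix. `$1` remains unquoted in that test, which is consistent with the neighbouring `interface_is_up $1` and `run_isusable_exit $1` calls, but quoting it as `"$1"` would be the more robust shell idiom if this code is ever touched again.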
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
