systhread.net

• :: st ::
•  
• about
• coding
• digests
• pics
• search
• texts

• systhread home
•  
• src code examples
• external links
• archived news
• search systhread
• texts, papers and articles

• :: Code Repo ::
• NetWard
• etu
• Nettest
• BSDbench
• pwutils
• Scripts
• ... the rest ...

• about site policies
• pics screens bunkers
• backgrounds logos

 

Changelog

09/26/2008 NetWard Update

A new development/testing version of netward has been cut for anyone tracking and the handful of testers out there. A lot of the options have changed and a few oddball bugs were finally identified. Thanks go to Steve Dickinson for helping to identify some of the bugs. Some of the notable changes were:

• Reverted to regular options parsing vs. sub options - sub options kept breaking and are not really needed.
• The -f | --filter expr option and argument have been dropped in favor of simply tacking filter options onto the end of the argument string.
• Private network specifier dropped in favor of just using the filter.
• Minor code reworks to speed things up.
• Ncurses is no longer needed; libc and libpcap are all that is required to build and execute.
• Identified and noted one oddball vmware bug.

While the options changed - they did not change too much. After compiling just type netward -u or refer to the manual page.

 netward-src · digest

09/08/2008 Site and Code Updates

New site design is up and running after one trial desgin that didn't go so well. The new design is somewhat busier but designed for faster access to a variety of information and pages. The digest entry about it has more information.

Along with the site change a lot of small code updates were done; mostly cosmetic in some of the smaller modules. The netward utility had a lot of patches to correct some bugs and validation testing:

• Extended options were not working correctly - fixed.
• Validated external calling script works (but only with the alarming IP address as the argument for now).
• Validated all current options.

All of the details can be found in the digest entry.

 Digests

09/01/2008 Reading Packets with libpcap Part 2

In the first part of the libpcap series a rudimentry packet reader (or sniffer) was built which could read and print tcp/ip traffic on a particular interface. In the second text a look at some simple checks of the data itself, adding options like interface selection, libpcap filter options and verbosity levels. Some of the checks included are:

• IP Packet Truncation
• IP Header Length
• Ethernet Header Length

The filter options are eventually passed exactly like tcpdump using the tcpdump argv vector copy.

  Text

08/08/2008 NetWard 0.6 Released

The software utils called pksys have been integrated into a single utility called netward. The arguments were compressed into a more nmap-like syntax. Following are some of the changes :

• New debug-gdb target using gdb and DEBUG prints (does not work everywhere)
• Changed debug target to use only prints
• Converted display() to pktprc or *packet processing*
• Added GDB support to debug compiles
• More Makefile magic foo
• Dropped support for darwin *without* debug
• Migration to the NetWard project
• Integrated packet printing from old reader into netward
• Dropped nject (see README for testing)
• Dropped misc scripts support for the time being
• Darwin compile/build support in place (still buggy)
• Added a HACKING file for contributions
• Added AUTHORS file
• Updated INSTALL, TODO, ChangeLog et al.

The TODO list has grown a bit too:

• fix logging/reporting; it is all over the place right now
• make the netfilter (pcap-filter) argument use argv vector cp and include in docs howto !host for spoofable gateways
• ensure that bpf, pcap and netfilter rules work properly
• ipv6 support
• code cleanup again at this point
• flexible rules code parsing systems (compile time option with default(s))
• add in reverse lookup capability (make optional due to performance penalty ???)
• create an external callout mechanism for action scripts based on alerts
• add in packet jacking and rewrite/reaction rules *internally* if possible
• try to figure out the real source of diversionary packets

Of course the usual disclaimer; none or all of the mentioneded changes may ever happen. As is, netward can run out of the box and detect minor errors like mismatched lengths and will score what it thinks might be scans or probes against a host. Suggestions, comments and bricks are all welcome; feel free to email me.

  netward-0.6 · Coding

07/07/2008 DNS Part 3: Primary/Secondary Servers & Misc. Topics

  In the third (last) installment of the DNS series a look at setting up and managing primary and secondary DNS servers for redundancy covering topics such as:

• Zone transfers
• Master/slave configurations

Additionally a look at some of the other options involved with server and zone maintenance.

  Text