08/08/2008: NetWard 0.6 Released
The software utilities called pksys have been integrated into a
single utility called netward. The arguments were compressed
into a more nmap-like syntax. Following are some of the changes:
- New debug-gdb target using gdb and DEBUG prints (does not work everywhere)
- Changed debug target to use only prints
- Converted display() to pktprc or *packet processing*
- Added GDB support to debug compiles
- More Makefile magic foo
- Dropped support for darwin *without* debug
- Migration to the NetWard project
- Integrated packet printing from old reader into netward
- Dropped nject (see README for testing)
- Dropped misc scripts support for the time being
- Darwin compile/build support in place (still buggy)
- Added a HACKING file for contributions
- Added AUTHORS file
- Updated INSTALL, TODO, ChangeLog et al.
The TODO list has grown a bit too:
- fix logging/reporting; it is all over the place right now
- make the netfilter (pcap-filter) argument use argv vector cp
and include a howto in the docs on !host for spoofable gateways
- ensure that bpf, pcap and netfilter rules work properly
- ipv6 support
- code cleanup again at this point
- flexible rules code parsing systems (compile time option with default(s))
- add in reverse lookup capability (make optional due to performance
penalty ???)
- create an external callout mechanism for action scripts based on alerts
- add in packet jacking and rewrite/reaction rules *internally* if possible
- try to figure out the real source of diversionary packets
Of course, the usual disclaimer applies: none or all of the mentioned
changes may ever happen. As is, netward can run out of the
box and detect minor errors like mismatched lengths, and it will score
what it thinks might be scans or probes against a host. Suggestions, comments
and bricks are all welcome; feel free to
email me.