Date: 25 Jan 2005 22:56:51 -0000
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #220
SecurityFocus Linux Newsletter #220
------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Unintended Consequences
2. Blind Buffer Overflows In ISAPI Extensions
II. LINUX VULNERABILITY SUMMARY
1. Gatos xatitv Unspecified Buffer Overflow Vulnerability
2. PlayMidi Local Buffer Overflow Vulnerability
3. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
4. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
5. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
6. GNU Queue Multiple Unspecified Buffer Overflow Vulnerabiliti...
7. XPDF MAKEFILEKEY2 Function Remote Buffer Overflow Vulnerabil...
8. CMSimple Multiple Remote Input Validation Vulnerabilities
9. Apache Utilities Insecure Temporary File Creation Vulnerabil...
10. Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
11. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
12. Konversation IRC Client Multiple Remote Vulnerabilities
13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
14. xtrlock Unspecified Local Buffer Overflow Vulnerability
15. Sun Java Plug-in Multiple Applet Vulnerabilities
16. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
17. Advanced Linux Sound Architecture Library Stack Protection D...
18. Multiple Ethereal Unspecified Dissector Vulnerabilities
19. Ghostscript Multiple Local Insecure Temporary File Creation ...
20. GNU Enscript Multiple Vulnerabilities
21. Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
III. LINUX FOCUS LIST SUMMARY
1. Encrypted Filesystems (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. CoreGuard Core Security System
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. Firestarter 1.0.0
2. Network Equipment Performance Monitor 2.2
3. BitDefender for qmail v1.5.5-2
4. Bilbo 0.11
5. Ipanto Secure 2.0
6. ROPE for IpTables 20041119
I. FRONT AND CENTER
-------------------
1. Unintended Consequences
By Scott Granneman
The law of unintended consequences shows us how many innocent innovations
like email, anti-virus and DRM can become something far worse than the
inventors had ever imagined.
http://www.securityfocus.com/columnists/293
2. Blind Buffer Overflows In ISAPI Extensions
By Isaac Dawson
This paper will outline the risks ISAPI Extensions pose and how they can be
exploited by third parties without any binary exposure or knowledge using
blind stack overflows. This method can enable remote code execution in
proprietary and third party applications.
http://www.securityfocus.com/infocus/1819
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. Gatos xatitv Unspecified Buffer Overflow Vulnerability
BugTraq ID: 12273
Remote: Unknown
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12273
Summary:
An unspecified buffer overflow vulnerability affects the gatos xatitv
utility, which is setuid by default. This issue is due to a failure of
the application to properly validate the length of user-supplied strings
prior to copying them into static process buffers.
The details currently available surrounding this issue are insufficient
to provide an accurate technical description. It is not known if this
issue is triggered by an excessively long command line argument, or by
some configuration file parameter, or by some multimedia file
parameter.
This BID will be updated as more details are released.
An attacker may leverage this issue to execute arbitrary instructions
with the privileges of the superuser. This may potentially lead to
privilege escalation or unauthorized access.
2. PlayMidi Local Buffer Overflow Vulnerability
BugTraq ID: 12274
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12274
Summary:
A local buffer overflow vulnerability affects Playmidi. This issue is
due to a failure of an unspecified setuid utility that is packaged
with the Playmidi suite to properly validate the length of
user-supplied strings prior to copying them into static process buffers.
This BID will be updated as more information becomes available.
A local attacker may leverage this issue to execute arbitrary
instructions with the privileges of the superuser. This may facilitate
privilege escalation and potentially unauthorized access.
3. MySQL Database MySQLAccess Local Insecure Temporary File Cre...
BugTraq ID: 12277
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12277
Summary:
A local insecure temporary file creation vulnerability affects the
MySQL Database. This issue is due to a failure of a script bundled with
the application to securely create temporary files in globally accessible
locations.
An attacker may leverage this issue to corrupt arbitrary files with the
privileges of the user that activates the vulnerable script.
4. Gallery Multiple Unspecified Input Validation Vulnerabilitie...
BugTraq ID: 12286
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12286
Summary:
Gallery is reported prone to multiple unspecified remote input
validation vulnerabilities. It is reported that multiple instances of
insufficient sanitization performed on Gallery variables were fixed; reports
indicate that these issues may be exploited to disclose Gallery passwords
contained in the Gallery database.
5. ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
BugTraq ID: 12287
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12287
Summary:
A client-side buffer overflow vulnerability affects the Photoshop
document (PSD) parsing functionality of ImageMagick. This issue is due to a
failure of the application to properly validate the length of
user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue remotely by sending a malicious file
through email or some other means to an unsuspecting user and enticing
them to process it with the affected application.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.
6. GNU Queue Multiple Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 12293
Remote: Unknown
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12293
Summary:
Multiple unspecified buffer overflow vulnerabilities affect GNU Queue.
This issue is due to a failure of the application to properly validate
the length of user-supplied strings prior to copying them into static
process buffers.
An attacker may leverage these issues to execute instructions with the
privileges of the affected application. Although unconfirmed, this may
facilitate unauthorized access or privilege escalation.
This BID will be updated as more information becomes available.
7. XPDF MAKEFILEKEY2 Function Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12302
Remote: Yes
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12302
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This
issue exists because the application fails to perform proper boundary
checks before copying user-supplied data into process buffers. A
remote attacker may execute arbitrary code in the context of a user running
the application. This can result in the attacker gaining unauthorized
access to the vulnerable computer.
It is reported that this issue presents itself in the
'Decrypt::makeFileKey2' function residing in the 'xpdf/Decrypt.cc' file.
This issue is reported to affect xpdf 3.00; however, it is likely that
earlier versions are prone to this vulnerability as well. Applications
using embedded xpdf code may be vulnerable to this issue as well.
8. CMSimple Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 12303
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12303
Summary:
Multiple input validation vulnerabilities affect CMSimple. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to including it in dynamically generated Web content.
The first issue is an HTML injection vulnerability in the guestbook
functionality of the application. The second issue is a cross-site script
vulnerability in the search functionality of the application.
An attacker may leverage these issues to have arbitrary script code
executed in the context of the vulnerable Web site. This will facilitate
theft of cookie based authentication credentials as well as other
attacks.
9. Apache Utilities Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 12308
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12308
Summary:
A local insecure temporary file creation vulnerability reportedly
affects Apache Software Foundation Apache Utilities. This issue is due to a
failure of the affected utility to securely create temporary files in
world writable locations.
An attacker may leverage this issue to corrupt, write to or create
arbitrary files with the privileges of the user or process running the
vulnerable script.
10. Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
BugTraq ID: 12309
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12309
Summary:
An unspecified local denial of service vulnerability is reported to
affect the system call filtering code in the audit subsystem of the Linux
kernel.
Originally, it was believed that this vulnerability was isolated to the
kernel that is distributed with Red Hat Enterprise Linux. This is not
the case and this BID is updated accordingly.
11. RealNetworks RealOne Player And RealPlayer ShowPreferences A...
BugTraq ID: 12311
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12311
Summary:
RealOne Player and RealPlayer are affected by a buffer overflow
vulnerability. This issue may be exploited by a remote attacker to execute
arbitrary code in the context of the software.
The application fails to perform proper boundary checks before copying
the arguments of the 'ShowPreferences' action to a static buffer
through a 'sprintf()' function call.
An attacker can design a malicious Web site or skin file and trigger an
overflow condition in the application. This issue may be leveraged to
execute arbitrary code in the context of the user running the
application.
It is likely that this issue is identical to the vulnerability described
in BID 11307 (RealNetworks RealOne Player And RealPlayer Unspecified Web
Page Code Execution Vulnerability). This cannot be confirmed at the
moment; however, one of the BIDs will be retired if it turns out that
the BIDs represent the same issue.
12. Konversation IRC Client Multiple Remote Vulnerabilities
BugTraq ID: 12312
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12312
Summary:
Konversation is a freely available IRC client for KDE windows
environments on Linux platforms.
Multiple remote vulnerabilities affect the Konversation IRC client.
These issues are due to input validation failures and design flaws.
The first issue is due to a failure of the application to filter
various parameters from the IRC environment prior to including them in
commands made to the underlying operating system. The second issue affects
the QuickButtons functionality of the vulnerable application. Finally, a
design error causes the quick connect dialogue to confuse a supplied
nickname with a supplied password.
An attacker may leverage these issues to execute arbitrary shell and
Konversation commands, potentially leading to denial of service attacks
and system compromise.
13. RealNetworks RealOne Player And RealPlayer Multiple Potentia...
BugTraq ID: 12315
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12315
Summary:
RealNetworks RealOne Player And RealPlayer are reported prone to
multiple potential vulnerabilities. These issues may allow an attacker to
potentially execute arbitrary code or disclose the presence of files on a
vulnerable computer.
The following specific issues were identified:
The first issue presents itself when the application processes Real
Metadata Package files containing malformed tags. The researchers
responsible for discovering this issue have reported that this issue may not
be exploitable and represents a potential threat.
The second issue may allow an attacker to determine the existence of files
on a vulnerable computer. The validity of this issue is not confirmed
at the moment and is also considered a potential threat.
It is likely that these issues were originally released as unspecified
vulnerabilities. This cannot be confirmed at the moment; however, one of
the BIDs will be retired if it turns out that the BIDs represent the
same issues.
14. xtrlock Unspecified Local Buffer Overflow Vulnerability
BugTraq ID: 12316
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12316
Summary:
xtrlock is reported prone to an unspecified local buffer overflow
vulnerability. This issue exists due to insufficient boundary checks
performed by the application when copying user-supplied data into process
buffers.
xtrlock is likely to be executed with superuser privileges, allowing
the attacker to gain elevated privileges.
Due to a lack of information, further details cannot be provided at the
moment. This BID will be updated when more information is available.
15. Sun Java Plug-in Multiple Applet Vulnerabilities
BugTraq ID: 12317
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12317
Summary:
The Sun Java Plug-in is prone to multiple vulnerabilities.
The first issue can allow an untrusted applet to escalate its
privileges to access resources with the privilege level of the user running the
applet.
This issue only exists in Internet Explorer running on Windows.
The second issue allows an untrusted applet to interfere with another
applet embedded in the same web page.
This issue exists in Java running on Windows, Solaris, and Linux.
16. Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
BugTraq ID: 12324
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial of service
vulnerability in its NTLM authentication module.
This vulnerability presents itself when an attacker sends unspecified
NTLM data to Squid. The issue exists due to a memory leak that occurs
because memory allocated to store a base64-decoded string is not freed.
It is conjectured that this issue allows an attacker to cause the NTLM
helper application to run out of memory and fail.
17. Advanced Linux Sound Architecture Library Stack Protection D...
BugTraq ID: 12325
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12325
Summary:
The Advanced Linux Sound Architecture (ALSA) library contains a
weakness that disables stack protection schemes for its children.
If a child application of the ALSA library contains an exploitable
stack overflow, it will not be protected against by any stack protection
schemes that may be in place, potentially allowing arbitrary code to be
executed on the computer.
18. Multiple Ethereal Unspecified Dissector Vulnerabilities
BugTraq ID: 12326
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12326
Summary:
Ethereal is prone to multiple vulnerabilities ranging from denial of
service to arbitrary code execution.
The first issue could cause the COPS dissector to go into an infinite
loop.
The second issue could cause the DLSw dissector to force Ethereal to
exit prematurely.
The third issue could cause the DNP dissector to corrupt memory.
The fourth issue could cause the Gnutella dissector to force Ethereal
to exit prematurely.
The fifth issue could cause the MMSE dissector to free statically
allocated memory.
The sixth issue could cause a buffer overflow in the X11 dissector.
19. Ghostscript Multiple Local Insecure Temporary File Creation ...
BugTraq ID: 12327
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12327
Summary:
Ghostscript is reportedly affected by multiple local insecure temporary
file creation vulnerabilities. These issues are likely due to a design
error that causes the application to fail to verify the existence of a
file before writing to it.
An attacker may leverage these issues to overwrite arbitrary files with
the privileges of an unsuspecting user that activates a vulnerable
application.
AFPL Ghostscript version 8.50, and GNU Ghostscript 8.01 are reportedly
affected by these vulnerabilities. Other versions may also be affected.
20. GNU Enscript Multiple Vulnerabilities
BugTraq ID: 12329
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12329
Summary:
Multiple vulnerabilities are reported in GNU enscript.
The first issues are reportedly due to insufficient sanitization of
user-supplied input data, leading to the possibility of arbitrary command
execution.
There are also reportedly multiple unspecified buffer overflow
vulnerabilities present in the utility. These issues are due to a failure of
the application to properly bounds check user-supplied data prior to
copying it into insufficiently sized memory buffers.
These issues are all locally exploitable, as enscript does not contain
any network support. By combining enscript in network-based
applications such as 'viewcvs', and possibly others, these issues could likely be
remotely exploited.
Enscript is not installed with setuid privileges, but it may be
utilized as a part of print spooler systems. By exploiting these issues,
attackers may be able to execute arbitrary commands or machine code in the
context of the affected system that is utilizing the affected utility.
Other attacks are also possible depending on how the utility is
utilized.
21. Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
BugTraq ID: 12330
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12330
Summary:
The Linux kernel is reported prone to an unspecified local denial of
service vulnerability. It is reported that the issue exists locally and is
exploitable through direct I/O access to NFS file systems.
Successful exploitation will lead to a kernel panic on a computer with
NFS mounts. This would effectively deny service to legitimate users.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Encrypted Filesystems (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/388308
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:
CoreGuard System profile
The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.
CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers and unauthorized insiders
* Enforce segregation of duties between IT administrators and security administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software's award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in its own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that wants a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. Firestarter 1.0.0
By: Tomas Junnonen
Relevant URL: http://www.fs-security.com/
Platforms: Linux
Summary:
Firestarter is a graphical firewall tool for Linux. The program aims to
combine ease of use with powerful features, serving both desktop users and
administrators.
2. Network Equipment Performance Monitor 2.2
By: Nova Software, Inc.
Relevant URL: http://www.nepm.net/
Platforms: AIX, FreeBSD, HP-UX, Linux, Solaris, True64 UNIX, UNIX,
Windows 2000, Windows NT, Windows XP
Summary:
NEPM is a very general, highly configurable, two part software system
that monitors any type of logged data from IP networked equipment and
reports it via E-mail and web pages. Current conditions and history from
systems based on Windows NT/2000 and UNIX can be tracked and reported.
Most major server, switch and router systems can be monitored, without
running agents on the target systems.
3. BitDefender for qmail v1.5.5-2
By: SOFTWIN <mmitu@bitdefender.com>
Relevant URL: http://www.bitdefender.com/bd/site/products.php?p_id=10
Platforms: Linux
Summary:
BitDefender for qmail is a powerful antivirus software for Linux mail
servers, which provides proactive protection of message traffic at the
email server level, eliminating the risk to the entire network that
could be caused by a negligent user. All messages, both sent and received,
are scanned in real time, avoiding the possible infections and
preventing anyone from sending an infected message. BitDefender claims 100%
detection rate for all viruses in the wild (ITW) through its powerful
scanning engines certified by the most prestigious testing labs (ICSA in
February 2003, Virus Bulletin 100% in June 2003 and CheckMark in August
2003).
4. Bilbo 0.11
By: Bart Somers
Relevant URL: http://doornenburg.homelinux.net/scripts/bilbo/
Platforms: FreeBSD, Linux
Summary:
Bilbo is an automated, multithreaded nmap-scanner and reporter, capable
of header fetching and matching the results against a database from
previous scans.
5. Ipanto Secure 2.0
By: Ipanto
Relevant URL: http://www.ipanto.com/secure
Platforms: HP-UX, Linux, Solaris, UNIX
Summary:
Ipanto Secure allows ISC based DHCP servers (UNIX, Linux) to send
signed dynamic DNS updates to a Microsoft DNS, using the GSS-TSIG protocol.
6. ROPE for IpTables 20041119
By: Chris Lowth
Relevant URL: http://www.lowth.com/rope
Platforms: Linux
Summary:
ROPE allows IpTables to block P2P and other complex protocols accurately.
It is a highly flexible iptables module that allows complex protocols
(such as are used by P2P software) to be identified. It is an in-kernel
scripting language designed for IP packet matching. A growing number of
sample configurations (scripts) are provided, including: blocking
Gnutella and Bittorrent clients, blocking large web downloads - etc. Plenty
more to come.
ROPE is part of the P2PWall