AS_IPFW 4.0 released

Jan Engelhardt jengelh at linux01.gwdg.de
Mon Aug 22 16:09:25 CEST 2005


I am proud to announce the release of AS_IPFW 4.0. AS_IPFW is
designed to be a firewall API, but also has some rulesets that
can be used as-is in many situations. Version 4.0 adds support
for kernel-level iptables-based STEALTH SCAN (tcp half open)
detection -- a first according to my research (with a nameful
search engine). It also dramatically slows down TCP FNX
(FIN/NULL/XMAS) scans -- by more than 50000%, and UDP by more
than 65000%! On top, it provides back false information to do
the best in hindering and confusing hostile actions.

You are welcome to read the "Technical Details" I have written
if you are interested (that's what has delayed this release so
long). Some parts of AS_IPFW 4.0 have not yet received thorough
testing (as is usual with x.0 releases). You are encouraged to
do so, but beware, it takes kernel and iptables patches to get
it going.

A big thanks goes out to the creators of the CONNMARK, RANDOM,
REJECT, TARPIT and goo matches/targets, which make up the
essence of this release.


http://freshmeat.net/p/AS_IPFW/
