The Doorman 0.81
Sponsored Links
The Doorman 0.81 Ranking & Summary
File size:
0.13 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1204
Date added:
2006-07-12
Publisher:
Bruce Ward
The Doorman 0.81 description
The doorman guards the door of a server, manipulating firewall rules to admit only recognized parties.
The doorman is intended to run on systems which have their firewall rules turned down tightly enough as to be effectively invisible to the outside world. The doorman adds and removes extra rules in a very controlled manner.
Using metaphor 1...
The doorman daemon "guards the door" of a host, admitting only recognized parties. It allows a server which is not intended for general public access to run with all of its TCP ports closed to the outside world. A matching "knocker" is provided, with which to persuade the doorman to open the door a crack, just wide enough for a single TCP connection from a single IP address.
And now, switching to metaphor 2... :)
A private server thus rigged for silent running has greatly enhanced security. Port scans cannot reveal its existence. Even if its existence is known by other means (or the firewall isnt all that tight), possible bugs in server code cannot be exploited; packets from unknown sources simply never get to the bug.
The current implementation of the doorman, "doormand", is suitable for protecting only TCP services on Unix-type systems. The door-knocker, "knock", can be run under Unix, GNU/Linux, or Microsoft Windows.
The doorman is based on an original idea of Martin Krzywinski, who proposed watching firewall logs for a sequence of packets directed to closed ports, which method he described in Sysadmin magazine and linuxjournal.com.
You might also visit his pages at www.portknocking.org.
This particular implementation deviates a bit from his original proposal, in that the doorman watches for only a single UDP packet. To get the doorman to open up, the packet must contain an MD5 hash which correctly hashes a shared secret, salted with a 32-bit random number, the identifying user or group-name, and the requested service port-number.
Enhancements:
- Added support for linux cooked socket header len; thanks to Markus Hoffmann.
- Fixed guestlist hostname-parsing bug; also thanks to Markus.
- Changed method of remembering old knock hashes, without use of Berkeley DB.
- Kinda-fixed a bug handling pcapnext-returns-null condition. I hope.
- Included lexer.c (flex output from lexer.l) in distribution. Duh.
- Fixed doorman bug when creating new new hashfile; thanks to Robert Koropcak
- No changes made to knock.c; however, it will report being V0.81
The doorman is intended to run on systems which have their firewall rules turned down tightly enough as to be effectively invisible to the outside world. The doorman adds and removes extra rules in a very controlled manner.
Using metaphor 1...
The doorman daemon "guards the door" of a host, admitting only recognized parties. It allows a server which is not intended for general public access to run with all of its TCP ports closed to the outside world. A matching "knocker" is provided, with which to persuade the doorman to open the door a crack, just wide enough for a single TCP connection from a single IP address.
And now, switching to metaphor 2... :)
A private server thus rigged for silent running has greatly enhanced security. Port scans cannot reveal its existence. Even if its existence is known by other means (or the firewall isnt all that tight), possible bugs in server code cannot be exploited; packets from unknown sources simply never get to the bug.
The current implementation of the doorman, "doormand", is suitable for protecting only TCP services on Unix-type systems. The door-knocker, "knock", can be run under Unix, GNU/Linux, or Microsoft Windows.
The doorman is based on an original idea of Martin Krzywinski, who proposed watching firewall logs for a sequence of packets directed to closed ports, which method he described in Sysadmin magazine and linuxjournal.com.
You might also visit his pages at www.portknocking.org.
This particular implementation deviates a bit from his original proposal, in that the doorman watches for only a single UDP packet. To get the doorman to open up, the packet must contain an MD5 hash which correctly hashes a shared secret, salted with a 32-bit random number, the identifying user or group-name, and the requested service port-number.
Enhancements:
- Added support for linux cooked socket header len; thanks to Markus Hoffmann.
- Fixed guestlist hostname-parsing bug; also thanks to Markus.
- Changed method of remembering old knock hashes, without use of Berkeley DB.
- Kinda-fixed a bug handling pcapnext-returns-null condition. I hope.
- Included lexer.c (flex output from lexer.l) in distribution. Duh.
- Fixed doorman bug when creating new new hashfile; thanks to Robert Koropcak
- No changes made to knock.c; however, it will report being V0.81
The Doorman 0.81 Screenshot
The Doorman 0.81 Keywords
Doorman 0.81
TCP
Firewall Rules
to admit
doorman
server
firewall
door
rules
recognized
The Doorman
The Doorman 0.81
Networking
System
Bookmark The Doorman 0.81
The Doorman 0.81 Copyright
WareSeeker periodically updates pricing and software information of The Doorman 0.81 full version from the publisher, so some information may be slightly out-of-date. You should confirm all information before relying on it. Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future development of The Doorman 0.81 Edition. Download links are directly from our publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
Featured Software
Want to place your software product here?
Please contact us for consideration.
Contact WareSeeker.com
Related Information
Related Software
Transmission is a BitTorrent client which aims to be as efficient as possible. Free Download
Graph is a Perl module with graph data structures and algorithms. Free Download
DictEm is an extremely customizable DICT client for (X)Emacs. Free Download
Thor Panel is a server administration software solution. Free Download
MIDI is a Perl module that can read, compose, modify, and write MIDI files. Free Download
LutelWall (formerly known as Lutel Firewall) is high-level linux firewall configuration tool. Free Download
Simple Firewall is a easy tool for administration users and access control. Free Download
Firestorm is an extremely high performance network intrusion detection system (NIDS). Free Download
Latest Software
Popular Software
Favourite Software
