Yavipind 0.9.6
Yavipind 0.9.6 Ranking & Summary
File size: 0.086 MB
Platform: Any Platform
License: GPL (GNU General Public License)
Price:
Downloads: 1202
Date added: 2006-07-13
Publisher: Jerome Etienne
Yavipind 0.9.6 description
Yavipind is a secure tunnel, that is, two peers securely forwarding packets to each other. It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual point-to-point device (e.g. tun0). It runs entirely in Linux userspace.
yavipin has been written because I wasn't satisfied by the existing alternatives. I published some security holes I know of in alternatives to bring awareness to users and help them make a knowledgeable choice:
Security analysis of VTun: This text is a security analysis of VTun. It includes a description of the security based on the source and lists the possible attacks. An attacker can modify packets, replay them, learn patterns of the plaintext or easily guess a low-entropy password.
Security flaws in tinc: This text describes security flaws in Tinc. It includes a description of the security and lists the possible attacks. An attacker can modify packets, replay them and learn patterns of the plaintext.
When designing the protocol and writing the software, the author used the following criteria: the security MUST be as strong as reasonably possible, yavipin SHOULD be network efficient, easy to use and install.
Network efficiency:
small packet overhead: 26 bytes (e.g. ESP with DES+MD5 is 32 bytes)
Packet compression: Forwarded packets may be compressed using deflate (gzip). (WORK: add stat about efficiency)
NAT compatible: a yavipin tunnel may be established over NAT, as all packets of a tunnel are sent over a single UDP/IPv4 connection. Moreover, the peer unreachability detection periodically sends packets, which prevents the NAT engine from timing out the connection state.
Peer unreachability detection: If the other peer becomes unreachable, it will be detected. It is done à la IPv6 neighbour discovery (rfc2461.7).
Graceful shutdown: If a peer purposely stops, it notifies the other, which is immediately aware of it.
Usage simplicity:
it works in userspace and you don't need to recompile the kernel
reuse existing tools: As yavipin uses a virtual device, it is possible to apply to the tunnel any tool designed for network devices. For example, it is possible to set up a firewall using ipchains/netfilter or to do traffic shaping using the kernel's traffic control (see tc).
Security strength:
packet security: each packet exchanged during the connection is encrypted using Blowfish CFB and authenticated with HMAC-MD5 96 bits.
protection against packet replay: It uses strict anti-replay and no packet can be accepted twice. An eavesdropper can't take a packet, keep it for a while and have it accepted a second time by the destination.
Efficient session key renewal: It uses hash chains for efficiency. It allows a smooth key transition so that no packet is lost during the renewal. It provides forward secrecy inside the connection.
Protection against DoS à la TCP SYN: It uses a cookie exchange (rfc2522.3) during connection establishment.
Forward secrecy: Even if the attacker cracks the box, he won't be able to decrypt network traffic older than a given delay (default 10 min). The Diffie-Hellman private key and the session key are periodically renewed and securely erased from memory.
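The session key renewal item above, as an added example that is not yavipin's code: both peers step a one-way hash chain locally, keep the previous key for one epoch so in-flight packets still verify, and erase anything older. The chain construction, the Session class, the epoch field and the use of SHA-256 (in place of the HMAC-MD5 the description names) are assumptions; only the 96-bit tag length comes from the description.

```python
import hashlib
import hmac

TAG_LEN = 12  # 96-bit truncated tag, the length the description quotes


def next_key(key: bytes) -> bytes:
    # One hash-chain step (assumed construction): one-way, so key n+1 never reveals key n.
    return hashlib.sha256(b"renew" + key).digest()


class Session:
    """Hypothetical per-peer key state; not yavipin's data structure."""

    def __init__(self, initial_key: bytes):
        self.epoch = 0
        self.keys = {0: bytearray(initial_key)}  # epoch -> key

    def renew(self) -> None:
        new = bytearray(next_key(bytes(self.keys[self.epoch])))
        self.epoch += 1
        self.keys[self.epoch] = new
        # Keep only the current and previous epoch; older keys are
        # overwritten (best effort in Python) and dropped.
        for old in [e for e in self.keys if e < self.epoch - 1]:
            k = self.keys.pop(old)
            k[:] = bytes(len(k))

    def seal(self, payload: bytes):
        key = bytes(self.keys[self.epoch])
        tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
        return self.epoch, payload, tag

    def open(self, epoch: int, payload: bytes, tag: bytes) -> bool:
        key = self.keys.get(epoch)
        if key is None:  # key already erased, or epoch not reached yet
            return False
        expected = hmac.new(bytes(key), payload, hashlib.sha256).digest()[:TAG_LEN]
        return hmac.compare_digest(expected, tag)


def demo():
    shared = hashlib.sha256(b"constructed demo secret").digest()
    a, b = Session(shared), Session(shared)
    pkt = a.seal(b"ping")               # sealed under epoch 0
    b.renew()                           # receiver renews first
    in_flight_ok = b.open(*pkt)         # previous key still held: no packet loss
    a.renew()
    in_sync = b.open(*a.seal(b"pong"))  # both sides derived epoch 1 locally
    b.renew()
    old_rejected = not b.open(*pkt)     # epoch 0 key is gone
    return in_flight_ok, in_sync, old_rejected
```

The example covers only key renewal; it has no encryption and no anti-replay check.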