Free icmp echo ignore broadcasts software for linux

Apache::LogIgnore is a mod_perl log handler to ignore connections.

SYNOPSIS

in your httpd.conf file, put this in the mod_perl load block (if you have one)

< Location / >

PerlLogHandler Apache::LogIgnore

PerlSetVar DebugFlag 1

#Turn Debugging on

PerlSetVar IgnoreHost 192.168.0.2

#Dont log connections from host

#Exact match

PerlSetVar IgnoreAgent Moz

#Dont log connections using agent

#Containing match, case insensitive

PerlSetVar IgnoreReferer 192.168.0.2

#Dont log connections referred by IP

#Containing match, case insensitive

PerlSetVar IgnoreFrom foo@bar.com

#Dont log connections from Agents with certain E-Mail addresses set

#Containing match, case insensitive

PerlSetVar IgnoreMinSize 100

#Dont log connections below 100 bytes

PerlSetVar IgnoreMaxSize 400000

#Dont log connections above 400000 bytes

PerlSetVar IgnoreType Image

#Dont log connections to certain mime-types

#Containing match, case insensitive

PerlSetVar IgnoreStatus 403

#Dont log status code

#Exact match

< /Location >

This mod_perl log handler can be used to ignore connections which match the criteria.

ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. All the data is encrypted with Rijndael-256 algorithm.
Installation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)

IPv6 FireWall script is a firewall based on ip6tables.

firewall6.sh 122 lines

#!/bin/bash

# Basic IPv6 FireWall script by Dennis Kruyt (dennis@klingon.nl)
#
# Sun Jan 5 18:26:28 2003 - DK

#debug
#set -x

cd /opt/scripts/firewall

source ./config6
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11

# change to script directory
cd ${SCRIPTSDIR}

SCRIPT=${SCRIPTSDIR}/firewall6.sh

case "$1" in
flush)
echo -e "Starting Firewall:"
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
echo -e "Setting defaults op ACCEPT!"
echo -e "ALERT: no firewall rules active"
#
${IPTABLE6} -P INPUT ACCEPT
${IPTABLE6} -P OUTPUT ACCEPT
${IPTABLE6} -P FORWARD ACCEPT
;;
start|reload)
echo -n "Starting Firewall: "
# paging!
#

# create a backup
TIME=`date +%s`
tar -czf /opt/backups/firewall/firewall.${TIME}.tar.gz /opt/scripts/firewall

# sending mail
mail email@address.com -s "Firewall - (re)started" < $0

# wait
sleep 1

# kerneloptions
echo -n "Loading Kernel options.."
./kernel_options6.sh

echo -n "Flushing and deleting all chains.."
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1

# default policy
echo -n "Setting default policy DROP.."
${IPTABLE6} -P INPUT DROP
${IPTABLE6} -P OUTPUT DROP
${IPTABLE6} -P FORWARD DROP

# ?????????????
#${IPTABLE} -F -t mangle
#${IPTABLE} -t mangle -X

echo -e "Loading chains.."
# create chain blacklist
${IPTABLE6} --new blacklist
#And drop the evil ones
for i in $BLACKLIST6;do
${IPTABLE6} -A blacklist --src $i -j DROP
done

#icmp chain
${IPTABLE6} --new icmprules
${IPTABLE6} -A icmprules -p icmpv6 -j ACCEPT

# create out chain
${IPTABLE6} --new out
#localhost to localhost
${IPTABLE6} -A out --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all outgoing IPv6 traffic
${IPTABLE6} -A out --src $SIXXS --dst $ANY6 -j ACCEPT

# create in chain
${IPTABLE6} --new in
#localhost to localhost
${IPTABLE6} -A in --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all incomming IPv6 traffic
${IPTABLE6} -A in --dst $SIXXS --src $ANY6 -j ACCEPT

#All that are in trusted may ssh
for i in $THRUSTED6;do
${IPTABLE6} -A in -p tcp --dst $SIXXS --dport 22 --src $i -j ACCEPT
done

# jump to all ipv6 chains
${IPTABLE6} -A INPUT -j blacklist
${IPTABLE6} -A OUTPUT -j blacklist
${IPTABLE6} -A FORWARD -j blacklist

${IPTABLE6} -A INPUT -j icmprules
${IPTABLE6} -A OUTPUT -j icmprules

${IPTABLE6} -A INPUT -j in
${IPTABLE6} -A OUTPUT -j out

;;
show)
echo -e "Rules in the firewall: ${CHAIN} n"
${IPTABLE6} -L -n
;;
*)
echo -e "Usage: ${SCRIPT} {flush|start|reload|show} n"
exit 1
;;
esac
exit 0

config6 12 lines

export IPTABLE6=/sbin/ip6tables

export SCRIPTSDIR=/opt/scripts/firewall

export EXT="eth0" # device
export SIXXS="3ffe:8114:1000::50f/127" # extern

export ANY6="::/0"
export LOCALHOST6="::1/128"

export THRUSTED6=""

export BLACKLIST6="3ffe:8114:2fff:1391::1"

kernel_options6.sh 7 lines

#!/bin/bash


# forwarding on
#echo "1" > /proc/sys/net/ipv6 blablabla

# Set some other IPv6 proc settings
#echo "1" > /proc/sys/net/ipv6 blablabla

Icmpenum sends ICMP traffic to potential targets on a network.
Introduction:
Host enumeration is the act of determining the IP address of potential targets on a network. This can be done in both layer 2 and layer 3. Icmpenum sends ICMP traffic for such enumeration. The ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
Installation:
1. Install the latest libpcap (libpcap 0.4, ftp://ftp.ee.lbl.gov/libpcap.tar.Z).
2. Install the latest Libnet (http://www.packetfactory.net/libnet/).
3. Compile icmpenum as follows:
gcc `libnet-config --defines` -o icmpenum icmpenum.c -lnet -lpcap
4. Copy icmpenum to your fave directory and (as root) start enumerating.
Usage:
Running icmpenum -h gives you the following screen:
# ./icmpenum -h
USAGE: ./icmpenum [opts] [-c class C] [-d dev] [-i 1-3] [-s src] [-t sec] hosts
opts are h n p r v
-h this help screen
-n no sending of packets
-p promiscuous receive mode
-r receiving packets only (no
-v verbose
-c class C in x.x.x.0 form
-i icmp type to send/receive, types include the following:
1 echo/echo reply (default)
2 timestamp request/reply
3 info request/reply
-d device to grab local IP or sniff from, default is eth0
-s spoofed source address
-t time in seconds to wait for all replies (default 5)
host(s) are target hosts (ignored if using -c)
Examples:
Here are some example uses of icmpenum to enumerate hosts.
Example 1:
[Host1]# icmpenum 192.168.1.1 192.168.1.2
This will use the default of Echo packets to try and determine if
192.168.1.1 and 192.168.1.2 are up and running.
Example 2:
[Host1]# icmpenum -i 2 -v 192.168.100.100 192.168.100.200
This will enumerate the two hosts using Timestamp packets in
verbose mode.
Example 3:
[Host1]# icmpenum -i 3 -s 10.10.10.10 -p -v 192.168.1.1 192.168.1.2
This will enumerate hosts 192.168.1.1 and 192.168.1.2 using
Information packets with a spoofed address of 10.10.10.10, since our real address is 10.10.10.11 we use the -p option to listen for the replies.
Here are some more advanced uses of icmpenum.
Example 4:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that the network 1.1.1.0 has potential hosts to enumerate, we use the following two entries to enumerate with Information packets:
[Host2]# icmpenum -r -t 30 -i 3 -c 1.1.1.0
[Host1]# icmpenum -s 7.7.7.7 -i 3 -c 1.1.1.0
Host2 starts first in receive mode with a timeout of 30 seconds and starts listening for Information packets from the 1.1.1.0 network. Then Host1 starts sending spoofed packets with Host2 as the source address, sending exactly what Host2 is listening for. It should be noted that this is hardly stealthy, as logs at 1.1.1s site could have 7.7.7.7s address all over them, but the -r function is good for testing.
Example 5:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that Host2 can sniff traffic between 1.1.1.0 and 2.2.2.0, we use the following entries to enumerate the 1.1.1.0 network:
[Host2]# icmpenum -t 20 -n -p -i 2 -c 1.1.1.0
[Host1]# icmpenum -s 2.2.2.2 -i 2 -c 1.1.1.0
Host2 starts first with a timeout of 20 seconds, makes sure not to send the packets with the -n option, listens promiscuously for Timestamp packets from the 1.1.1.0 network. Host1 sends the exact packets Host2 is listening for with a 2.2.2.2 spoofed source address. Yes, one could simply replace the -n option in Host2s command line with -s 2.2.2.2 and do the same thing from one workstation, but were demonstrating a distributed concept.
Enhancements:
- I have added ICMP MASK (type 17 and 18) requests and replys. Simply use the -i 4 option on the command line, such as; icmpenum -i 4 -c 1.2.3.1 (sends ICMP MASK requests to the Class C range 1.2.3.1/24 and reports any system as.
- Due to the use of some older versions of Libnet and Libpcap. I can see problems for some people compiling this and hence have placed two statically linked versions within the tarball

Regexp::Ignore is a Perl module that let us ignore unwanted parts, while parsing text.

WARNING

This is an alpha code. Really. It was written in the end of 2001. It is not yet checked much. The only reason I submit it to CPAN that early is to get feedback about the idea, and hopefully to get some help in finding the many bugs that must still be in it. In our company we use this code, though, and for our needs it runs well.

SYNOPSIS

use Regexp::IgnoreXXX;

my $rei = new Regexp::IgnoreXXX($text,
"");
# split the wanted text from the unwanted text
$rei->split();

# use substitution function
$rei->s((var)_(d+), $2$1, gi);
$rei->s((d+):(d+), $2:$1);

# merge back to get the resulted text
my $changed_text = $rei->merge();

Markup languages, like HTML, are difficult to parse. The reason is that you can have a line like:

< font size=+1 >H< /font >ello < font size=+1 >W< /font >orld

How can we find the string "Hello World", in the above line, and replace it by "Hello Universe" (which is a lot deeper)? Or how can we run a speller on the text and replace the mistakes with suggestions for the correct spelling?
This module come to help you doing exactly that.

Actually the module let you first split the text to the parts you are interested in and the unwanted parts. For example, all the HTML tags can be taken as unwanted parts.

Then it let you parse the part you are interested in (while totally ignoring the unwanted parts).

In the end it let you merge back the unwanted parts with the possibly changed parts you were interested in.

There is just one catch. It uses the assumption that when you replace the above "Hello World" to "Hello Universe", all the unwanted parts between the start of the match to the end of the match, will be pushed after the text that will replace the match. This is not really understood right? Look at the example:
The text:

< font size=+1 >H< /font >ello < font size=+1 >W< /font >orld

will be first split and we will get the "cleaned" text:

Hello World

Then we can parse it using something like:

s/Hello World/Hello Universe/;

This will give us the changed "cleaned" text:

Hello Universe

When we will merge with the unwanted parts we will get

< font size=+1 >Hello Universe< /font >< font size=+1 >< /font >

So, the unwanted parts in the match were pushed after the replacer.

The ICMP Hostname Tools for Linux include a responder daemon, a lookup tool, and a nameswitch module to handle ICMP host name functions.

The NSS module caches all requests (including failures) and honors the TTL value sent by the responding host. It uses a configuration file called /etc/nss-icmp.conf, which controls different aspects of its operation:

* timeout – Sets the timeout in milliseconds for ICMP host name queries, by passing the -t option to idnlookup.
* nocache – Disables the cache.
* ttlnotfound – Sets the TTL for not-found cache entries is seconds. The default is 5 minutes.

Both icmpdnd and idnlookup need to run as root, due to the fact that they use ICMP. Thus, idnlookup needs be installed SUID root.

Parallel Network Scanner provides a fast network services scanner.
pnscan is a scanner for TCP network services. It uses multithreading to increase its speed.
pnscan tries to be smart as to how many threads to start - it will dynamically start only as many as is needed to make progress in the scan - up to a maximum either as specified with the "-n" command line option, or 8 minus the maximum number of available file descriptors (pnscan tries to increase
it to the max limit automatically) - or any internal limit on the system (Linux normally only allows 256 threads).
Host ranges can be specified both as a CIDR - network name or IP address / mask bit length and as a range. When using CIDR notation - the first and last address is ignored (normally used for broadcasts)
Some examples:
192.168.0.0/24
192.160.0.1:192.160.0.254
arpanet/8
USAGE - EXAMPLES
# Scan network 192.168.0.0/24 for SSH daemons on port 22
pnscan 192.168.0.0/24 22
pnscan 192.168.0.1:192.168.0.254 ssh
# Scan hosts 192.168.10.34 ... 98 for IDENT servers, max 8 threads
pnscan -n8 -w"VERSION" 192.168.10.34:192.168.10.98 113
# Scan host 127.0.0.1 for WWW servers on all ports
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" 192.168.0.32 1:65525
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" localhost 1:65525
# Send binary data and expect the binary sequence FF 00 FF on port 145.
pnscan -W"05 5A 37" -R"FF 00 FF" 192.168.0.32 145
# Scan for Roxen servers and print the whole Server-line
pnscan -l -w"HEAD / HTTP/1.0rnrn" -r"Roxen" localhost 1:65525
# Scan for pidentd servers and try to locate the version
pnscan -w"VERSION" 192.160.0.0/24 113
# Scan network arpanet/24 for daytime servers and sort them IP-numerically
pnscan arpanet/10 daytime | ipsort
# Read host (&port) lines from stdin and scan the selected hosts for SSH
echo 192.160.10.11 ssh | pnscan -v
echo 192.160.10.12 | pnscan 22
Enhancements:
- pnscan.sgml Added the other options implemented in pnscan.c.
- pnscan.c: Modified the threads startup code to dynamically only start as many threads as is needed.

IPChains is a Perl module to create and manipulate ipchains via Perl.

SYNOPSIS

use IPChains;
$fw = IPChains->new(-option => value, ... ); $fw->append(chain);

This module acts as an interface to the ipchains(8) userspace utility by Paul "Rusty" Russell (http://www.rustcorp.com/linux/ipchains/). It attempts to include all the functionality of the original code with a simplified user interface via Perl. In addition, plans for log parsing facilities, an integrated interface to ipmasqadm, and possibly traffic shaping are slated for up and coming versions.
The new() and attribute() methods support the following options:

Source

Specifies origination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see SourceMask).

SourceMask

Hostmask for origination address. Can either be in 24 or 255.255.255.0 style.

SourcePort

Specific port or port range (use xxx:xxx to denote range), requires specific protocol specification.

Dest

Specifies destination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see DestMask)

DestMask

Destination address, (see SourceMask).

DestPort

Destination Port, (see SourcePort).

Prot

Protocol. Can be tcp, udp, icmp, or all. Required for specifying specific port(s).

ICMP

ICMP Name/Code (in place of port when ICMP is specified as protocol).

Here is a small table of some of the most common ICMP packets:

Number Name Required by

0 echo-reply ping
3 destination-unreachable Any TCP/UDP traffic.
5 redirect routing if not running
routing daemon
8 echo-request ping
11 time-exceeded traceroute

Rule

Target. Can be ACCEPT, DENY, REJECT, MASQ, REDIRECT, RETURN, or a user-defined chain. Note: This is case sensitive.

Interface

Specify a specify interface as part of the criteria (ie, eth0, ppp0, etc.).

Fragment

Rule only refers to second and further fragments of fragmented packets (1 or 0).

Bidir

Makes criteria effective in both directions (1 or 0).

Verbose

Set verbose option for setting rules or list() (1 or 0).

Numeric

Show output from list() in numeric format. No DNS lookups, etc.. (1 or 0).

Log

Enable kernel logging (via syslog, kern.info) of matched packets (1 or 0).

Output

Copy matching packets to the userspace device (advanced).

Mark

Mark matching packets with specified number (advanced).

TOS

Used for modifying the TOS field in the IP header. Takes 2 args, AND and XOR masks, (ie, (TOS => ["0x01", "0x10"])). This feature is highly untested.
The first mask is ANDed with the packets current TOS, and the second mask is XORed with it. Use the following table for reference:

TOS Name Value Typical Uses

Minimum Delay 0x01 0x10 ftp, telnet
Maximum Throughput 0x01 0x08 ftp-data
Maximum Reliability 0x01 0x04 snmp
Minimum Cost 0x01 0x02 nntp

Exact

Display exact numbers in byte counters instead of numbers rounded in Ks, Ms, or Gs (1 or 0).

SYN

Only match TCP packets with the SYN bit set and the ACK and FIN bits cleared (1 or 0).