tcp connections patch
KPowersave Icon Patch 0.1
KPowersave Icon Patch changes the way of displaying power state for KPowersave.
KPowersave Icon Patch is intended for KPowersave 0.6.2
This patch changes the way of displaying power state for KPowersave. Using this patch you can better theme KPowersave, by using a series of pixmaps.
Installation instructions:
>>> Patch the sources
1. Copy the patch file in the parent folder of KPowersave sources.
2. Cd into KPowersave
3. issue: patch -Np1 -i ../kpowersave-icon.patch
>>> Compile the sources
>>> Copy the icons
After installation, you won't get any icons for displaying battery state.
You have to copy them to your theme folder.
Copy the iconset to THEME_FOLDER/22x22/actions/
You can use this theme to start:
http://www.kde-look.org/content/show.php?content=28287
Download (0.002MB)
Added: 2006-09-20 License: GPL (GNU General Public License) Price:
1130 downloads
Exim DSN Patch 0.1
The Exim DSN patch adds delivery status notification support to Exim 4.xx.
DSN Support for Exim. This patch allows Exim 4.xx to support the sending of email Delivery Status Notifications.
Download (0.036MB)
Added: 2005-07-15 License: IBM Public License Price:
1562 downloads
conn-close 1.0
conn-close makes it possible to get rid of ip_conntrack entries for ESTABLISHED TCP connections that go through our server.
The conn-close script uses hping2 to send spoofed RST packets, which fool conntrack into considering the specified connections closed (these connections then appear in ip_conntrack in the CLOSE state), even though the RST packets will most likely be discarded by the destination host.
Information about connections is read from /proc/net/ip_conntrack.
The idea was taken from a script seen somewhere on the internet.
Download (0.003MB)
Added: 2006-05-08 License: GPL (GNU General Public License) Price:
1264 downloads
TCP Re-engineering Tool 1.4.3
TCP Re-engineering Tool monitors and analyzes data transmitted between a client and a server via a TCP connection.
TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented data streams such as TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower-level transmission protocol as packet sniffers do.
TCPreen listens on a TCP port and waits for incoming connections. It then forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real time and/or save it to log files for later reference. There are various display formats.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
Enhancements:
- libsolve/getaddrinfo.{c,h}, src/winstub.{c,h}: dirty kludge to resolve getaddrinfo & co at run-time so that tcpreen can still run on Windows 2000 and older.
Download (0.041MB)
Added: 2006-06-28 License: GPL (GNU General Public License) Price:
1216 downloads
TCPWatch 1.3
TCPWatch is a utility written in Python that lets you monitor forwarded TCP connections or HTTP proxy connections.
It displays the sessions in a window with a history of past connections. It is useful for developing and debugging protocol implementations and web services.
Enhancements:
- Made compatible with versions of tcl that have threads enabled.
- Log file numbers are now sequential.
- "user@host" is now accepted as a destination hostname (the user name is ignored).
Download (0.013MB)
Added: 2005-10-15 License: GPL (GNU General Public License) Price:
1476 downloads
OpenSSH SecurID patch 1.3.2
OpenSSH SecurID is a patch that integrates SecurID authentication services directly into the OpenSSH daemon. It allows users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
This is how it works:
0) apply patch ;-) You must use GNU patch (get it from ftp.gnu.org, it's free.)
1) copy ACE headers (in SecurID inc directory) into either a standard include place (like /usr/local/include) or into the openssh source tree or add the --with-cflags=-I/path/to/ace/inc (where the include files are located)
2) copy the libaceclnt.a (for ACE 5.X) or sdiclient.a (for ACE
Download (0.047MB)
Added: 2006-07-13 License: BSD License Price:
702 downloads
tcptunnel 1.0
tcptunnel is a simple TCP tunnel written in Perl.
It is also a versatile TCP tunnel. Uses for tcptunnel:
- tunnelling through a firewall or proxy
- redirecting tcp connections to other ports or machines
- debugging tcp connections in-place
- packet sniffing
tcptunnel listens on local port <port>, and when a connection is made it connects the other end of the tunnel as follows:
a) With no proxy specified, it connects the other end to <srvport> on <srv>.
b) With a proxy, it connects to <srvport> on <proxy>.
It then directs the proxy to telnet to <srv>, and then it connects the ends of the tunnel.
Download (0.005MB)
Added: 2006-07-01 License: GPL (GNU General Public License) Price:
1213 downloads
La-Nai 1.2.14-patch
La-Nai is a CMS-like system that has basic modules, blocks, and templates.
The project is ready to create a Web site, but it has a new way of development called "Generated Framework", which means that a developer can generate module and source code from a command line script called "La-Mud".
In just a few minutes, you can create your own module or database driven module.
Installation:
1. Download the release version from SourceForge.
2. Extract it to your home directory.
3. Browse to http://your-domain-name/lanai-dir/
4. The web installation will start; follow the instructions until it finishes.
5. Delete the install directory when finished.
Enhancements:
- Multiple SQL injection vulnerabilities were fixed in three modules.
Download (1.5MB)
Added: 2007-08-11 License: GPL (GNU General Public License) Price:
806 downloads
kate-ctags-plugin-patch 0.2.1
kate-ctags-plugin-patch is a patch for kate-ctags-plugin-0.2.
It adds to the plugin the ability to return to the place from which you jumped into a function or other tag (as in vim with ctrl+T and ctrl+]). PS: wrote to the authors of the plugin, but they have not answered.
Usage:
tar zxf kate-ctags-plugin-0.2.tar.gz
cp kate-ctags-plugin-0.2.1.patch kate-ctags-plugin-0.2/
cd kate-ctags-plugin-0.2
patch -p0 -R -i kate-ctags-plugin-0.2.1.patch
./configure && make && make install
Afterwards, restart Kate -> settings -> hot keys -> set:
lookup current context as Declaration ctrl+[
lookup current context as Definition ctrl+]
return one jump back ctrl+T
Download (0.005MB)
Added: 2007-07-24 License: GPL (GNU General Public License) Price:
826 downloads
DOOM 3 1.3.1.1304 Patch
DOOM 3 is a sci-fi horror masterpiece, DOOM 3 is like nothing you have experienced.
id Software has released a new patch for its FPS DOOM 3. This update brings your retail game to v1.3.1 and adds various fixes and improvements and Vista compatibility, and brings back cross-platform multiplayer compatibility with the Mac.
Minimum System Requirements:
3D Hardware Accelerator Card Required - 100% DirectX 9.0b compatible 64MB Hardware Accelerated video card and the latest drivers*.
English version of Microsoft Windows 2000/XP
Pentium IV 1.5 GHz or Athlon XP 1500+ processor or higher
384MB RAM
8x Speed CD-ROM drive (1200KB/sec sustained transfer rate) and latest drivers
2.2GB of uncompressed free hard disk space (plus 400MB for Windows swap file)
100% DirectX 9.0b compatible 16-bit sound card and the latest drivers
100% Windows compatible mouse, keyboard, and latest drivers
DirectX 9.0b (included)
Multiplayer Requirements:
Internet (TCP/IP) and LAN (TCP/IP) play supported.
Internet play requires broadband connection and latest drivers
LAN play requires network interface card and latest drivers
Enhancements:
- Tested and improved Vista compatibility
- Fix a potential crash in physics
- Fix an issue with pak downloaded being immediately appended without filesystem restart
- Fixes to DNS lookup, reduced the stalls
- Updated the code to gcc 4.0 compliance, for Mac OSX universal binaries and GNU/Linux x86 binaries
- Threading implementation for Mac and Linux is more compliant with the Win32 behaviours
- Fix Alsa sound backend (Linux)
- Fixes to tty code (Linux)
Download (20.2MB)
Added: 2007-02-04 License: Freeware Price:
1642 downloads
TCPCam Beta1
TCPCam is a video and audio point to point conference program for Linux that is very easy to use and modify. The connection uses a single TCP port that needs to be open on only one of the two ends.
With TCPCam it is possible to change the video compression and resolution at run-time to match the available bandwidth.
It uses the Speex encoder for audio compression (in both narrowband and wideband), JPEG compression for video, and works with most video4linux devices and audio boards supporting the OSS API.
Main features:
- It works using a single TCP port (port 7766). In order for TCPCam to work between two users, one of the users can be completely firewalled, while the other one must have TCP port 7766 open to the outside.
- Audio frames are encoded using the Speex encoder/algorithm.
- Video frames are encoded using JPEG at high compression level.
- The user can switch between ten different video quality levels at runtime using keys from 1 to 0.
- Support for multiple video resolution (up to 640x480), the user can switch at runtime using the right keys (see usage)
- Full screen mode (just press f to toggle).
- Capture screenshots in JPEG format (just press enter).
- Audio works in narrowband (8 kHz) and wideband (16 kHz).
- The protocol is very simple to implement in most operating systems and programming languages. It is based on frames with a simple header containing audio or video and transmitted over a TCP channel.
Download (0.90MB)
Added: 2006-06-30 License: GPL (GNU General Public License) Price:
1214 downloads
Configuration with no services supported
Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.
Sample:
# USER CONFIGURABLE SECTION
# The name and location of the iptables utility.
IPTABLES=iptables
# The path to the iptables executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the FORWARD chain rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports we're allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if you've
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -p icmp -j LOG
fi
#
# end.
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads
Elm Millennium Edition 2.4 PL123d (25) (Elm 2.4ME+ patch)
Elm Millennium Edition is an interactive mail system based on Elm 2.4. It contains enhanced MIME and character set support.
Elm Millennium Edition can read mail from POP or IMAP folders and can pass mail to the PGP or GPG programs. It can also view digests as a mailbox and reassemble fragmented (message/partial) messages. It includes modules for TLS/SSL, iconv, and SMTP.
Download (1.5MB)
Added: 2006-09-25 License: Freely Distributable Price:
1127 downloads
OpenSSH LDAP Public Key patch 0.3.9
OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.
It uses the standard core.schema/nis.schema and strongAuthenticationUser object class, which can simplify login centralization but could introduce serious security flaws if the LDAP server is not correctly configured.
Enhancements:
- A memory leak has been fixed.
- A potential LDAP filter injection if a username has strange characters in it [()*] has been fixed.
Download (0.059MB)
Added: 2007-08-04 License: BSD License Price:
815 downloads
TCPreen 1.4.2
TCP Re-engineering Tool monitors and analyzes data transmitted between a client and a server via a TCP connection.
TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented data streams such as TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower-level transmission protocol as packet sniffers do.
TCPreen listens on a TCP port and waits for incoming connections. It then forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real time and/or save it to log files for later reference. Various display formats are available.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
Download (0.040MB)
Added: 2005-04-11 License: GPL (GNU General Public License) Price:
1660 downloads