Free tcp connections to port 51215 software for linux

Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.

Sample:

# USER CONFIGURABLE SECTION

# The name and location of the ipchains utility.
IPTABLES=iptables

# The path to the ipchains executable.
PATH="/usr/local/sbin"

# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"

# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"

# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"

# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"

# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"

# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1

# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done

# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done

# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done

# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done

# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done

# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done

# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done

# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done

# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done

# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done

# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done

# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done

# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done

# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#

# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done


if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.

Network Communicator is a simple script for sending and receiving data over TCP/UDP connections.
It can be useful for testing firewall configurations, routing tables, and similar things.
I had originally written two scripts for testing TCP only: a talker and a listener. Upon failure to properly modify them to support UDP only, I made Netcom. It allows the sending and receiving of TCP or UDP data to arbitrary IPs/Ports and optional from/to files.
Im sure there are already tools like this out there like netcat, but wasnt able to get netcat working properly for UDP also. Either way, here you go and enjoy!
Launch Netcom with no options to view the usage.
Enhancements:
- A complete re-write to support arbitrary source/destination and port forwarding (not tunneling).

SSL Proxy server listens on a TCP port, accepts SSL connections, and forwards them to another local or remote TCP port.
For example, it is possible to create an HTTPS server if you have an HTTP server and you run an SSL Proxy server on port 443 which forwards the connections to port 80.
SSL Proxys design makes it as secure as possible and still perform well.
Enhancements:
- Improved certificate handling (chained certificates are now supported), more error information on SSL protocol errors during SSL_accept(), -U and -D options (buffer size), and a "powered by" logo.

asciireflector is a simple, unix based reflector program that allows sharing of data between clients through a TCP stream-socket connection. The reflector reads ASCII lines from each connected client, buffers them in a shared pool (ringbuffer) and sends all lines back to each client.
Usage and protocol:
Client reception is initiated by sending a textline to the reflector. This will usually be the data that is to be shared between clients. This line gets stored in the reflectors buffer unless it is the text "POLL". All lines send to the reflector have to end with a newline character. If the line is preceded by the keyword "PUSH", the line gets distributed by the reflector with the PUSH removed, but no lines get send back to the client. Otherwise immediately after the reception from the client, all textlines that have
been received since the last sending of text will be written back to the client. This sequence is finished when the text "OVER" is send from the reflector. This means no new textlines are in the ringbuffer. To close the socket connection with the reflector, send the word "LOGOUT".
Note that the reflector sends the last textline that was received from the client back to the client during the next iteration. This can be used to test if the speed of the network connection is sufficient to maintain complete reception of the ringbuffer. If the first line
received is not equal to the last line send, the ringbuffer has been overwritten by another client in the mean time, indicating that reception is too slow. Reflector use should be stopped in such a case.
Thus the client should run the following sequence repeatedly:
1. Connect to reflector
2.) Send data
2.1.) Send data as "textline", store as "last_textline"
OR
2.2) Send "POLL"
OR
2.3) Send "PUSH__and__some_text" to send text without having to receive anything (i.e. proceed to 4.)
3.) Read data
3.1.) Read "textline" unless PUSH was send
3.1.2) If first "textline" is not "last_textline" abort with an error
3.2.) Repeat from 3.1 until "textline" is the "OVER"
4.) ... do other stuff ...
5.) Goto 2. or send "LOGOUT"
The use of ASCII and stream-sockets was used for its easy of use and transparency - its not very efficient though for realtime applications that have to transport a lot of data.
Compilation and test:
To compile the source type
make
Then run
asciireflector
To test, connect to the reflector in (a few) different terminal(s) with telnet localhost 1522 and type a few lines.
The program was developed on a RedHat Linux system but should work with any unix system that provides a pthread implementation.
Limits and settings:
The current (compiled-in defaults) are:
Port number 1522
Connections 20
Line Length 128 chars (including newline)
Size of Ringbuffer 1024 lines
Change the defines in the .h files to adjust to your application.
Enhancements:
- Fixed connection count
- Added a few messages
- Fixed PUSH behaviour

FTester (The Firewall Tester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.
The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the connection spoofing option. A script called freport is also available for automatically parse the log files.
Of course this is not an automated process, ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.
The IDS (Intrusion Detection System) testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS, ftest can also use common IDS evasion techniques. Instead of using the configuration syntax currently the script can also process snort rule definition file.
These two scripts were written because I was tired of doing this by hand (with packet-crafting tools and tcpdump), I know that there are at least two dozens of other methods to do this but another reason was to learn some perl ;). I hope that you enjoy them.
Main features:
- firewall testing
- IDS testing
- simulation of real tcp connections for stateful inspection firewalls and IDS
- connection spoofing
- IP fragmentation / TCP segmentation
- IDS evasion techniques

MP3::Icecast is a Perl module to generate Icecast streams, as well as M3U and PLSv2 playlists.

SYNOPSIS

use MP3::Icecast;
use MP3::Info;
use IO::Socket;


my $listen_socket = IO::Socket::INET->new(
LocalPort => 8000, #standard Icecast port
Listen => 20,
Proto => tcp,
Reuse => 1,
Timeout => 3600);

#create an instance to find all files below /usr/local/mp3
my $finder = MP3::Icecast->new();
$finder->recursive(1);
$finder->add_directory(/usr/local/mp3);
my @files = $finder->files;

#accept TCP 8000 connections
while(1){
next unless my $connection = $listen_socket->accept;

defined(my $child = fork()) or die "Cant fork: $!";
if($child == 0){
$listen_socket->close;

my $icy = MP3::Icecast->new;

#stream files that have an ID3 genre tag of "jazz"
while(@files){
my $file = shift @files;
my $info = new MP3::Info $file;
next unless $info;
next unless $info->genre =~ /jazz/i;
$icy->stream($file,0,$connection);
}
exit 0;
}

#a contrived example to demonstrate that MP3::Icecast
#can generate M3U and PLSv2 media playlists.
print STDERR $icy->m3u, "n";
print STDERR $icy->pls, "n";

$connection->close;
}

ABSTRACT

MP3::Icecast supports streaming Icecast protocol over socket or other filehandle (including STDIN). This is useful for writing a streaming media server.
MP3::Icecast also includes support for generating M3U and PLSv2 playlist files. These are common formats supported by most modern media players, including XMMS, Windows Media Player 9, and Winamp.

TCPCam is a video and audio point to point conference program for Linux that is very easy to use and modify. The connection uses a single TCP port that needs to be open on only one of the two ends.
TCPCam is possible to change the video compression and resolution at run-time to match the available bandwidth.
It uses the Speex encoder for audio compression (in both narrowband and wideband), JPEG compression for video, and works with most video4linux devices and audio boards supporting the OSS API.
Main features:
- It works using a single TCP port (port 7766). In order for TCPCam to work between two users, one of the users can be completly firewalled, while the other one must have port TCP 7766 open to the outside.
- Audio frames are encoded using the Speex encoder/algorithm.
- Video frames are encoded using JPEG at high compression level.
- The user can switch between ten different video quality levels at runtime using keys from 1 to 0.
- Support for multiple video resolution (up to 640x480), the user can switch at runtime using the right keys (see usage)
- Full screen mode (just press f to toggle).
- Capture screenshots in JPEG format (just press enter).
- Audio works in narrowband (8Khz) and wideband (16Khz).
- The protocol is very simple to implement in most operating systems and programming languages. It is based on frames with a simple header containing audio or video and transimtted over a TCP channel.