tcp connections vista
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 1906
conn-close 1.0
conn-close gives us possibility to get rid of entries in ip_conntrack about ESTABLISHED TCP connections. more>>
conn-close gives us possibility to get rid of entries in ip_conntrack about ESTABLISHED TCP connections that goes through our server.
conn-close script uses hping2 to send spoofed RST packets which will fool conntrack and cause specified connections to be considered by conntrack as closed (now these connections will be in ip_conntrack in CLOSE state), even though RST packets will be more likely discarded by destination host.
Information about connections is read of course from /proc/net/ip_conntrack.
Idea was taken from script seen somewhere on the internet.
<<lessconn-close script uses hping2 to send spoofed RST packets which will fool conntrack and cause specified connections to be considered by conntrack as closed (now these connections will be in ip_conntrack in CLOSE state), even though RST packets will be more likely discarded by destination host.
Information about connections is read of course from /proc/net/ip_conntrack.
Idea was taken from script seen somewhere on the internet.
Download (0.003MB)
Added: 2006-05-08 License: GPL (GNU General Public License) Price:
1264 downloads
TCP Re-engineering Tool 1.4.3
TCP Re-engineering Tool monitors and analyzes data transmitted between a client and a server via a TCP connection. more>>
TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented streams data such as a TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower level transmission protocol as packet sniffers do.
TCPreen listens on a TCP port and wait for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real-time and/or save it to log files for later reference.There are various display formats.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
Enhancements:
- libsolve/getaddrinfo.{c,h}, src/winstub.{c,h}:
- dirty kludge to resolve getaddrinfo & co at run-time
- so that tcpreen can still run on Windows 2000 and older.
<<lessTCPreen listens on a TCP port and wait for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real-time and/or save it to log files for later reference.There are various display formats.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
Enhancements:
- libsolve/getaddrinfo.{c,h}, src/winstub.{c,h}:
- dirty kludge to resolve getaddrinfo & co at run-time
- so that tcpreen can still run on Windows 2000 and older.
Download (0.041MB)
Added: 2006-06-28 License: GPL (GNU General Public License) Price:
1216 downloads
TCPCam Beta1
TCPCam is a video and audio point to point conference program for Linux that is very easy to use and modify. more>>
TCPCam is a video and audio point to point conference program for Linux that is very easy to use and modify. The connection uses a single TCP port that needs to be open on only one of the two ends.
TCPCam is possible to change the video compression and resolution at run-time to match the available bandwidth.
It uses the Speex encoder for audio compression (in both narrowband and wideband), JPEG compression for video, and works with most video4linux devices and audio boards supporting the OSS API.
Main features:
- It works using a single TCP port (port 7766). In order for TCPCam to work between two users, one of the users can be completly firewalled, while the other one must have port TCP 7766 open to the outside.
- Audio frames are encoded using the Speex encoder/algorithm.
- Video frames are encoded using JPEG at high compression level.
- The user can switch between ten different video quality levels at runtime using keys from 1 to 0.
- Support for multiple video resolution (up to 640x480), the user can switch at runtime using the right keys (see usage)
- Full screen mode (just press f to toggle).
- Capture screenshots in JPEG format (just press enter).
- Audio works in narrowband (8Khz) and wideband (16Khz).
- The protocol is very simple to implement in most operating systems and programming languages. It is based on frames with a simple header containing audio or video and transimtted over a TCP channel.
<<lessTCPCam is possible to change the video compression and resolution at run-time to match the available bandwidth.
It uses the Speex encoder for audio compression (in both narrowband and wideband), JPEG compression for video, and works with most video4linux devices and audio boards supporting the OSS API.
Main features:
- It works using a single TCP port (port 7766). In order for TCPCam to work between two users, one of the users can be completly firewalled, while the other one must have port TCP 7766 open to the outside.
- Audio frames are encoded using the Speex encoder/algorithm.
- Video frames are encoded using JPEG at high compression level.
- The user can switch between ten different video quality levels at runtime using keys from 1 to 0.
- Support for multiple video resolution (up to 640x480), the user can switch at runtime using the right keys (see usage)
- Full screen mode (just press f to toggle).
- Capture screenshots in JPEG format (just press enter).
- Audio works in narrowband (8Khz) and wideband (16Khz).
- The protocol is very simple to implement in most operating systems and programming languages. It is based on frames with a simple header containing audio or video and transimtted over a TCP channel.
Download (0.90MB)
Added: 2006-06-30 License: GPL (GNU General Public License) Price:
1214 downloads
TCP port scanner 1.0.4
TCP port scanner is a network scanner for Linux. more>>
TCP port scanner is a network scanner for Linux.
Installation:
1. Install - become root and gunzip/tar tcpscan-X-Y-Z.tar.gz.
2. Type ./confugure , make
3. Type install
4. Enjoy and try type tcpscan localhost
5. To get help - run tcpscan without parametres.
Usage:
tcpscan [-f] [hostname || IP_address]
tcpscan [-f] [first_IP_address] [last_IP_address]
<<lessInstallation:
1. Install - become root and gunzip/tar tcpscan-X-Y-Z.tar.gz.
2. Type ./confugure , make
3. Type install
4. Enjoy and try type tcpscan localhost
5. To get help - run tcpscan without parametres.
Usage:
tcpscan [-f] [hostname || IP_address]
tcpscan [-f] [first_IP_address] [last_IP_address]
Download (0.060MB)
Added: 2006-04-14 License: GPL (GNU General Public License) Price:
1299 downloads
tcptunnel 1.0
tcptunnel is a simple TCP tunnel written in Perl. more>>
tcptunnel is a simple TCP tunnel written in Perl.
Also is a versatile tcp tunnel. The tcptunnel uses:
- tunnelling through a firewall or proxy
- redirecting tcp connections to other ports or machines
- debugging tcp connections in-place
- packet sniffing
The tcptunnel listens on local port < port > and when a connection is made it connects the other end of the tunnel as follows:
a) With no proxy specified, it connects the other end
to < srvport > on < srv >.
b) With a proxy, it connects to < srvport > on < proxy >.
It then directs the proxy to telnet to < srv >, and then it connects the ends of the tunnel.
<<lessAlso is a versatile tcp tunnel. The tcptunnel uses:
- tunnelling through a firewall or proxy
- redirecting tcp connections to other ports or machines
- debugging tcp connections in-place
- packet sniffing
The tcptunnel listens on local port < port > and when a connection is made it connects the other end of the tunnel as follows:
a) With no proxy specified, it connects the other end
to < srvport > on < srv >.
b) With a proxy, it connects to < srvport > on < proxy >.
It then directs the proxy to telnet to < srv >, and then it connects the ends of the tunnel.
Download (0.005MB)
Added: 2006-07-01 License: GPL (GNU General Public License) Price:
1213 downloads
Configuration with no services supported
Configuration with no services supported script is for a single host firewall configuration with no services supported. more>>
Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.
Sample:
# USER CONFIGURABLE SECTION
# The name and location of the ipchains utility.
IPTABLES=iptables
# The path to the ipchains executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.
<<lessSample:
# USER CONFIGURABLE SECTION
# The name and location of the ipchains utility.
IPTABLES=iptables
# The path to the ipchains executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads
TCP Knocking 0.1
TCP Knocking provides a port knocking implementation. more>>
TCP Knocking provides a port knocking implementation.
Often a secure system needs a port open so that only authorized persons can access a particular service and also the service should not exposed to attackers and worms that may use vulnerabilities that exist in the listening server. Port knocking is designed to be used as a complementary service to the existing authentication mechanism. But one of the biggest problems with port knocking is manipulating the firewall with timeouts.
When the correct knock sequence is sent, the firewall is modified for couple of seconds. Having the firewall open automatically for a time period will make any system administrator uncomfortable. TCP knocking attempts to solve the problem by incorporating the knock into the TCP handshake. Tcp knocking is similar to port knocking, but instead sending UDP packets with secret ports, the TCP handshake packets must include secrete codes. It is at least as secure as port knocking and it can be made secure with more hardening.
Modified TCP handshake:
In normal TCP handshake, the client sends the syn packet and chooses a random initial sequence number. The server responds with a packet that has both syn and ack flags set, choosing a random
The modified TCP handshake uses the empty fields in the header. The server does not respond to connection requests without a special code generated along with the syn packet. The server also encrypts the ISN in the ack packet (2) and the final packet of the three-way handshake must have the correct acknowledgment for the servers ISN. The system is further protected from brute-force attacks by closing the connection if the first attempt for the third packet does not have the expected acknowledgment sequence.
Also, rather than use conventional encryption techniques like HMAC for verification, this system uses a file with random numbers as the key. This is because of the limited unused space available in the TCP/IP header which makes HMAC very weak. By using a shared file, the length of the key can be much greater than traditional systems and even though some parts of the key can be revealed by attacks, the server can protect itself from replay attacks.
The handshake:
1) Syn
The syn packet does not use the 32 bit acknowledgment field in the TCP header as it the the first packet to initiate the connection. Further the 16 bit IPID can be used to transmit information. In the current implementation only the 32 bit acknowledgment field is used. Currently the 32 bit ack is derived from a 64 KB file which contains random numbers. The ISN and the source IP address along with the random numbers are used to generate this value.
2) Syn/Ack
The ISN is encrypted using the random numbers from the 64 KB file using the destination IP address as well as a 16 bit random number used as IPID. I do not have code for this part yet.
3) Ack
The client decrypts the syn number from the encrypted syn, the key file, the 16 bit IPID and its own IP address and sends the ack packet. The server closes all connections from the client for couple of minutes if it sends a wrong ack value. Part of the security relies on the fact that the ISN generated by Linux 2.6 is fairly random.
Implementation:
I have implemented only the first part, which is the server expecting secret code along with the first syn packet from the client. Hence it is very possible to brute-force the server. Also the system is designed with the second phase in mind, which is the encrypted Initial Sequence Number in the ack packet and closing the connection if the correct ack is not sent on the first try. I do not have an implementation for that yet. The security will be increased greatly when the second phase is incorporated. Also the ability to detect brute-force attacks can be added to this system.
But the current system can be used for protecting the server from worms and random scanning. The use-case is similar to port knocking but it does not use the ugly system of opening the firewall for a couple of seconds. Vanilla port knocking is susceptible to brute-force attacks as well. Besides, inserting a kernel module to just ssh into your server will increase your mad sysadmin points.
Enhancements:
- TCP knocking with Phase 1 of the protocol was implemented.
<<lessOften a secure system needs a port open so that only authorized persons can access a particular service and also the service should not exposed to attackers and worms that may use vulnerabilities that exist in the listening server. Port knocking is designed to be used as a complementary service to the existing authentication mechanism. But one of the biggest problems with port knocking is manipulating the firewall with timeouts.
When the correct knock sequence is sent, the firewall is modified for couple of seconds. Having the firewall open automatically for a time period will make any system administrator uncomfortable. TCP knocking attempts to solve the problem by incorporating the knock into the TCP handshake. Tcp knocking is similar to port knocking, but instead sending UDP packets with secret ports, the TCP handshake packets must include secrete codes. It is at least as secure as port knocking and it can be made secure with more hardening.
Modified TCP handshake:
In normal TCP handshake, the client sends the syn packet and chooses a random initial sequence number. The server responds with a packet that has both syn and ack flags set, choosing a random
The modified TCP handshake uses the empty fields in the header. The server does not respond to connection requests without a special code generated along with the syn packet. The server also encrypts the ISN in the ack packet (2) and the final packet of the three-way handshake must have the correct acknowledgment for the servers ISN. The system is further protected from brute-force attacks by closing the connection if the first attempt for the third packet does not have the expected acknowledgment sequence.
Also, rather than use conventional encryption techniques like HMAC for verification, this system uses a file with random numbers as the key. This is because of the limited unused space available in the TCP/IP header which makes HMAC very weak. By using a shared file, the length of the key can be much greater than traditional systems and even though some parts of the key can be revealed by attacks, the server can protect itself from replay attacks.
The handshake:
1) Syn
The syn packet does not use the 32 bit acknowledgment field in the TCP header as it the the first packet to initiate the connection. Further the 16 bit IPID can be used to transmit information. In the current implementation only the 32 bit acknowledgment field is used. Currently the 32 bit ack is derived from a 64 KB file which contains random numbers. The ISN and the source IP address along with the random numbers are used to generate this value.
2) Syn/Ack
The ISN is encrypted using the random numbers from the 64 KB file using the destination IP address as well as a 16 bit random number used as IPID. I do not have code for this part yet.
3) Ack
The client decrypts the syn number from the encrypted syn, the key file, the 16 bit IPID and its own IP address and sends the ack packet. The server closes all connections from the client for couple of minutes if it sends a wrong ack value. Part of the security relies on the fact that the ISN generated by Linux 2.6 is fairly random.
Implementation:
I have implemented only the first part, which is the server expecting secret code along with the first syn packet from the client. Hence it is very possible to brute-force the server. Also the system is designed with the second phase in mind, which is the encrypted Initial Sequence Number in the ack packet and closing the connection if the correct ack is not sent on the first try. I do not have an implementation for that yet. The security will be increased greatly when the second phase is incorporated. Also the ability to detect brute-force attacks can be added to this system.
But the current system can be used for protecting the server from worms and random scanning. The use-case is similar to port knocking but it does not use the ugly system of opening the firewall for a couple of seconds. Vanilla port knocking is susceptible to brute-force attacks as well. Besides, inserting a kernel module to just ssh into your server will increase your mad sysadmin points.
Enhancements:
- TCP knocking with Phase 1 of the protocol was implemented.
Download (0.005MB)
Added: 2006-12-06 License: GPL (GNU General Public License) Price:
1054 downloads
TCPreen 1.4.2
TCP Re-engineering Tool monitors and analyzes data transmitted between a client and a server via a TCP connection. more>>
TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented streams data such as a TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower level transmission protocol as packet sniffers do.
TCPreen listens on a TCP port and wait for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real-time and/or save it to log files for later reference. Various display formats are available.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
<<lessTCPreen listens on a TCP port and wait for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.
TCPreen can display data on your console in real-time and/or save it to log files for later reference. Various display formats are available.
While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.
Download (0.040MB)
Added: 2005-04-11 License: GPL (GNU General Public License) Price:
1660 downloads
StdioTunnel 0.2
StdioTunnel project allows you to tunnel arbitrary TCP connections through any shell access connection. more>>
StdioTunnel project allows you to tunnel arbitrary TCP connections through any shell access connection.
If the connection provides a clear 8-bit data path and allows you to start programs, you can use it with StdioTunnel.
It tunnels TCP connections in much the same way SSH does, but is useful in particular cases where SSH port forwarding is disabled, and it does not require running or changing the configuration of any server processes on either side of the connection.
Once StdioTunnel handshakes, the connection you used to initiate it is no longer available. The local StdioTunnel process will ignore further input. The connection is shut down when you kill the StdioTunnel process at either end.
All that is required for StdioTunnel to make a connection is that the standard input and output of the remote side appear to be connected through an 8-bit clear channel to the standard input and output of the process started by the local side. ssh with the -e none option to turn off the escape character works quite nicely as the connecting process.
Please note that using ANY software, StdioTunnel included, to work-around firewall restrictions may make systems on either side of the firewall more vulnerable to any number of attacks. StdioTunnel may have bugs that make such vulnerabilities even worse. The user takes sole responsibility for any adverse consequences of using this software.
<<lessIf the connection provides a clear 8-bit data path and allows you to start programs, you can use it with StdioTunnel.
It tunnels TCP connections in much the same way SSH does, but is useful in particular cases where SSH port forwarding is disabled, and it does not require running or changing the configuration of any server processes on either side of the connection.
Once StdioTunnel handshakes, the connection you used to initiate it is no longer available. The local StdioTunnel process will ignore further input. The connection is shut down when you kill the StdioTunnel process at either end.
All that is required for StdioTunnel to make a connection is that the standard input and output of the remote side appear to be connected through an 8-bit clear channel to the standard input and output of the process started by the local side. ssh with the -e none option to turn off the escape character works quite nicely as the connecting process.
Please note that using ANY software, StdioTunnel included, to work-around firewall restrictions may make systems on either side of the firewall more vulnerable to any number of attacks. StdioTunnel may have bugs that make such vulnerabilities even worse. The user takes sole responsibility for any adverse consequences of using this software.
Download (0.085MB)
Added: 2006-09-11 License: GPL (GNU General Public License) Price:
1138 downloads
Ping Tunnel 0.61
Ping Tunnel is a tool for reliably tunneling TCP connections over ICMP echo request. more>>
Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in your help in some cases.
Setting: Youre on the go, and stumble across an open wireless network. The network gives you an IP address, but wont let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.
Main features:
- Tunnel TCP using ICMP echo request and reply packets
- Connections are reliable (lost packets are resent as necessary)
- Handles multiple connections
- Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maximas for one tunnel, but with tweaking this can be improved further)
- Authentication, to prevent just anyone from using your proxy
<<lessSetting: Youre on the go, and stumble across an open wireless network. The network gives you an IP address, but wont let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.
Main features:
- Tunnel TCP using ICMP echo request and reply packets
- Connections are reliable (lost packets are resent as necessary)
- Handles multiple connections
- Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maximas for one tunnel, but with tweaking this can be improved further)
- Authentication, to prevent just anyone from using your proxy
Download (0.047MB)
Added: 2006-07-04 License: BSD License Price:
1234 downloads
HTTPTunnel 0.9.4
HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy. more>>
HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy.
This is a small application for tunnelling an arbitrary TCP socket connection over HTTP. It can be used, for example, to tunnel traffic out from behind a restrictive firewall that only allows outgoing HTTP web connections.
The basic idea is that you run an instance of the HTTP Tunnel application locally in client mode, that then connects out to another instance that you run at the remote end of the tunnel in server mode.
You then connect to the local client end of the tunnel with the application whose traffic you wish to tunnel, and all communications are then wrapped in HTTP. The tunnel may also go via a HTTP proxy, either explicitly or transparently.
Enhancements:
- This release includes some major bugfixes and improvements in the tunneling error detection and retransmission code.
- It also introduces support for building and running under Cygwin.
<<lessThis is a small application for tunnelling an arbitrary TCP socket connection over HTTP. It can be used, for example, to tunnel traffic out from behind a restrictive firewall that only allows outgoing HTTP web connections.
The basic idea is that you run an instance of the HTTP Tunnel application locally in client mode, that then connects out to another instance that you run at the remote end of the tunnel in server mode.
You then connect to the local client end of the tunnel with the application whose traffic you wish to tunnel, and all communications are then wrapped in HTTP. The tunnel may also go via a HTTP proxy, either explicitly or transparently.
Enhancements:
- This release includes some major bugfixes and improvements in the tunneling error detection and retransmission code.
- It also introduces support for building and running under Cygwin.
Download (0.059MB)
Added: 2007-08-19 License: GPL (GNU General Public License) Price:
807 downloads
tsocks 1.8
tsocks provides transparent network access through a SOCKS version 4 or 5 proxy (usually on a firewall). more>>
tsocks provides transparent network access through a SOCKS version 4 or 5 proxy (usually on a firewall).
SOCKS servers are a form of proxy that are commonly used in firewalled LAN environments to allow access between networks, and often to the Internet. The problem is that most applications dont know how to gain access through SOCKS servers. This means that network based applications that dont understand SOCKS are very limited in networks they can reach. An example of this is simple telnet.
tsocks role is to allow these non SOCKS aware applications (e.g telnet, ssh, ftp etc) to use SOCKS without any modification. It does this by intercepting the calls that applications make to establish network connections and negotating them through a SOCKS server as necessary. If youre on a network firewalled from the internet with a SOCKS server for outside access, telnet cant use this server and thus cant telnet out to the Internet., sou you cannot get out.
tsocks is based on the shared library interceptor concept. Through use of the LD_PRELOAD environment variable or the /etc/ld.so.preload file tsocks is automatically loaded into the process space of every executed program. From there it overrides the normal connect() function by providing its own. Thus when an application calls connect() to establish a TCP connection it instead passes control to tsocks. tsocks determines if the connection needs to be made via a SOCKS server (by checking /etc/tsocks.conf) and negotiates the connection if so (through use of the real connect() function )
<<lessSOCKS servers are a form of proxy that are commonly used in firewalled LAN environments to allow access between networks, and often to the Internet. The problem is that most applications dont know how to gain access through SOCKS servers. This means that network based applications that dont understand SOCKS are very limited in networks they can reach. An example of this is simple telnet.
tsocks role is to allow these non SOCKS aware applications (e.g telnet, ssh, ftp etc) to use SOCKS without any modification. It does this by intercepting the calls that applications make to establish network connections and negotating them through a SOCKS server as necessary. If youre on a network firewalled from the internet with a SOCKS server for outside access, telnet cant use this server and thus cant telnet out to the Internet., sou you cannot get out.
tsocks is based on the shared library interceptor concept. Through use of the LD_PRELOAD environment variable or the /etc/ld.so.preload file tsocks is automatically loaded into the process space of every executed program. From there it overrides the normal connect() function by providing its own. Thus when an application calls connect() to establish a TCP connection it instead passes control to tsocks. tsocks determines if the connection needs to be made via a SOCKS server (by checking /etc/tsocks.conf) and negotiates the connection if so (through use of the real connect() function )
Download (0.082MB)
Added: 2006-07-01 License: GPL (GNU General Public License) Price:
1221 downloads
HTTP Proxy Client 0.8.5
HTTP Proxy Client is a set of libraries and scripts that provide transparent access to Internet. more>>
HTTP Proxy Client is the small set of libraries and scripts, which provides transparent access to Internet via HTTP proxy for programs, which uses TCP/IP for communication.
The list of programs includes: telnet, ftp, licq, cvs, smth else? Project implements dynamic library, that can be preloaded before program run.
The library substitutes some system calls (connect(), gethostbyaddr(), gethostbyname()), with calls, which makes TCP/IP connection through HTTP proxy. This allows client programs behind HTTP proxy work with Internet without limitations.
At the moment tested on i386 Linux, i386/sparc Solaris.
Enhancements:
- While using dotted address, applications will attempt to connect regardless DNS lookup result.
<<lessThe list of programs includes: telnet, ftp, licq, cvs, smth else? Project implements dynamic library, that can be preloaded before program run.
The library substitutes some system calls (connect(), gethostbyaddr(), gethostbyname()), with calls, which makes TCP/IP connection through HTTP proxy. This allows client programs behind HTTP proxy work with Internet without limitations.
At the moment tested on i386 Linux, i386/sparc Solaris.
Enhancements:
- While using dotted address, applications will attempt to connect regardless DNS lookup result.
Download (0.21MB)
Added: 2005-09-13 License: GPL (GNU General Public License) Price:
1510 downloads
MP3::Icecast 0.02
MP3::Icecast is a Perl module to generate Icecast streams, as well as M3U and PLSv2 playlists. more>>
MP3::Icecast is a Perl module to generate Icecast streams, as well as M3U and PLSv2 playlists.
SYNOPSIS
use MP3::Icecast;
use MP3::Info;
use IO::Socket;
my $listen_socket = IO::Socket::INET->new(
LocalPort => 8000, #standard Icecast port
Listen => 20,
Proto => tcp,
Reuse => 1,
Timeout => 3600);
#create an instance to find all files below /usr/local/mp3
my $finder = MP3::Icecast->new();
$finder->recursive(1);
$finder->add_directory(/usr/local/mp3);
my @files = $finder->files;
#accept TCP 8000 connections
while(1){
next unless my $connection = $listen_socket->accept;
defined(my $child = fork()) or die "Cant fork: $!";
if($child == 0){
$listen_socket->close;
my $icy = MP3::Icecast->new;
#stream files that have an ID3 genre tag of "jazz"
while(@files){
my $file = shift @files;
my $info = new MP3::Info $file;
next unless $info;
next unless $info->genre =~ /jazz/i;
$icy->stream($file,0,$connection);
}
exit 0;
}
#a contrived example to demonstrate that MP3::Icecast
#can generate M3U and PLSv2 media playlists.
print STDERR $icy->m3u, "n";
print STDERR $icy->pls, "n";
$connection->close;
}
ABSTRACT
MP3::Icecast supports streaming Icecast protocol over socket or other filehandle (including STDIN). This is useful for writing a streaming media server.
MP3::Icecast also includes support for generating M3U and PLSv2 playlist files. These are common formats supported by most modern media players, including XMMS, Windows Media Player 9, and Winamp.
<<lessSYNOPSIS
use MP3::Icecast;
use MP3::Info;
use IO::Socket;
my $listen_socket = IO::Socket::INET->new(
LocalPort => 8000, #standard Icecast port
Listen => 20,
Proto => tcp,
Reuse => 1,
Timeout => 3600);
#create an instance to find all files below /usr/local/mp3
my $finder = MP3::Icecast->new();
$finder->recursive(1);
$finder->add_directory(/usr/local/mp3);
my @files = $finder->files;
#accept TCP 8000 connections
while(1){
next unless my $connection = $listen_socket->accept;
defined(my $child = fork()) or die "Cant fork: $!";
if($child == 0){
$listen_socket->close;
my $icy = MP3::Icecast->new;
#stream files that have an ID3 genre tag of "jazz"
while(@files){
my $file = shift @files;
my $info = new MP3::Info $file;
next unless $info;
next unless $info->genre =~ /jazz/i;
$icy->stream($file,0,$connection);
}
exit 0;
}
#a contrived example to demonstrate that MP3::Icecast
#can generate M3U and PLSv2 media playlists.
print STDERR $icy->m3u, "n";
print STDERR $icy->pls, "n";
$connection->close;
}
ABSTRACT
MP3::Icecast supports streaming Icecast protocol over socket or other filehandle (including STDIN). This is useful for writing a streaming media server.
MP3::Icecast also includes support for generating M3U and PLSv2 playlist files. These are common formats supported by most modern media players, including XMMS, Windows Media Player 9, and Winamp.
Download (0.033MB)
Added: 2006-11-08 License: Perl Artistic License Price:
1084 downloads
Cubehub Tunnel 1.0
Cubehub is a simple UDP over TCP tunnel application written in Java. more>>
Cubehub is a simple UDP over TCP tunnel application written in Java. It is designed to help people behind a firewall to connect through a TCP connection and play Quake and other UDP-based games.
SOCKS 4 and 5 are protocols that are supposed to allow users to send data through a firewall. However, they only work like this if the SOCKS server is on the firewall itself. Whilst TCP/IP traffic is frequently permitted through firewalls, UDP/IP (required by most online games) is often blocked. When a SOCKS 5 server relays UDP data (SOCKS 4 does not support UDP), the packets are simply relayed, there is no tunnelling involved.
This application provides a solution, tunnelling the data being relayed by a SOCKS server over one or (for better gaming performance) multiple TCP connections to help applications and games to work from behind a restrictive firewall.
Main features:
- Socks 4/5 server
- TCP and UDP tunnelling over single or multiple TCP connections
- Resilience against individual connection dropping
<<lessSOCKS 4 and 5 are protocols that are supposed to allow users to send data through a firewall. However, they only work like this if the SOCKS server is on the firewall itself. Whilst TCP/IP traffic is frequently permitted through firewalls, UDP/IP (required by most online games) is often blocked. When a SOCKS 5 server relays UDP data (SOCKS 4 does not support UDP), the packets are simply relayed, there is no tunnelling involved.
This application provides a solution, tunnelling the data being relayed by a SOCKS server over one or (for better gaming performance) multiple TCP connections to help applications and games to work from behind a restrictive firewall.
Main features:
- Socks 4/5 server
- TCP and UDP tunnelling over single or multiple TCP connections
- Resilience against individual connection dropping
Download (0.19MB)
Added: 2006-06-30 License: Freeware Price:
1216 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above tcp connections vista search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
