|Name: labrea||Distribution: SuSE Linux 8.2 (i586)|
|Version: 2.5b||Vendor: SuSE Linux AG, Nuernberg, Germany|
|Release: 2||Build date: Tue Oct 7 08:17:06 2003|
|Group: System/Daemons||Build host: cipher.linux-howtos.com|
|Size: 427855||Source RPM: labrea-2.5b-2.src.rpm|
|Summary: a "Sticky" Honeypot and Intrusion Detection System|
LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
* Wed Sep 10 2003 moi-meme <firstname.lastname@example.org>
- src/ctl.c (ctl_init_arrays): Remove call to sleep since not supposed to mix with alarm calls on linux.
- src/utils.c (util_alarm), src/labrea.c: Set alarm and signal handlers after going into daemon mode so that child will get signal
- src/labrea_init.c, src/lbio.c: Take out fudge code since libdnet 1.7 ethopen now uses the libdnet device names (ie eth1, etc).

* Fri Jul 18 2003 moi-meme <email@example.com>
- src/labrea_init.c: Tighten checking on invalid numbers input for throttlesize, max bandwidth, etc.
- src/utils.c: Correct timer handling so that bandwidth usage will be properly reported.
- src/utils.c, labrea_init.c, pkt_handler.c: Change maxbw to Kbytes so as to avoid problems with large bandwidths.

* Thu Aug 29 2002 moi-meme <firstname.lastname@example.org>
- src/labrea_init.c (labrea_init): Turn off arp sweep if capture subnet is too large. Also give a msg if subnet is large.

* Fri Aug 09 2002 moi-meme <email@example.com>
- pkt_handler.c (pkt_handler): Set up a "new kid" elt if someone replies to an arp request.

* Thu Aug 08 2002 moi-meme <firstname.lastname@example.org>
- pkt_handler.c (ip_handler): Move firewalling code outside so as to check dest port of all incoming TCP packets.

* Wed Aug 07 2002 moi-meme <email@example.com>
- labrea_init.c (labrea_init): Change basic bpf filter to listen to pkts -sent- to the bogus MAC address only.
- lbio.c (lbio_send_ip_pkt): Make responses appear to come from bogus virtual machine.

* Tue Aug 06 2002 moi-meme <firstname.lastname@example.org>
- labrea_init.c, pkt_handler.c, ctl.c, utils.c: Add arp sweep logic to detect live IPs. Replace nk list by a ptr array.

* Thu Aug 01 2002 moi-meme <email@example.com>
- labrea_init.c (labrea_init): Change test mode to log on stdout, and not fork a child. Eliminate notes on Usage message to improve readability.

* Tue Jul 30 2002 moi-meme <firstname.lastname@example.org>
- pkt_handler.c (check_ip_ignore_or_new_kid): Remove culling logic. Only cull inactive entries at each timer pop.

* Sat Jul 27 2002 moi-meme <email@example.com>
- labrea_init.c (labrea_init): Now will accept long options. Add read_number rtn to check input integer validity and prevent buffer overflows. Add new --init-file option to allow user-specified configuration file. Add code to parse all input before bailing out.
- labrea.h: Move defines.h to this member. Move prototype definitions to each individual include member (eg utils.h has prototypes for util.c).
- includes.h: Move all includes to the corresponding .c source where the include is needed. This simplifies housekeeping on includes.

* Fri Jul 26 2002 moi-meme <firstname.lastname@example.org>
- pkt_handler.c (throttle_data): Change newthisminute to depend on b/w from each connection and not just # of connections.
- ctl.h, utils.c, ctl.c: Change history array to depend on a defined constant. Change code in same way.

* Mon Jul 08 2002 moi-meme <email@example.com>
- pkt_handler.c (ip_handler): Change port firewalling logic to use dynamic port algorithm. That is, ports don't respond to incoming SYNs until they have seen sufficient activity. Then they start giving back a SYN-ACK.
- defines.h: Change some defines to enums as per GNU coding standards.
- utils.c: Move code to run "new kids" list into timer signal handler so that code will be invoked on a regular basis, but not at each arp. Also add code in same rtn for dynamic port logic so that if a port shows activity, it will automatically be monitored.
- labrea.c: Change pcap_loop to pcap_dispatch so that mainline signal handler code can be called regularly.

* Tue Jun 25 2002 moi-meme <firstname.lastname@example.org>
- labrea_init.c (labrea_init): Change -n, -m parameters so that can use libdnet input conversion. User has to enter net/mask in standard CIDR format. -m parameter no longer supported.

* Thu Jun 20 2002 moi-meme <email@example.com>
- Utils.c (CleanExit): Split into 2 rtn so that can generate error code if terminating on error.

* Wed Jun 19 2002 moi-meme <firstname.lastname@example.org>
- labrea.h, -.c: Move control flags and variables to main ctx structure. Move signal handlers and utility routines to new util.c member. Centralize logging.

* Tue Jun 18 2002 moi-meme <email@example.com>
- PacketHandler.c, FixArrays.c, LaBrea.c, LaBrea_init.c: Replace u_.. types by libdnet std types. Continue working on replacing hardcoded pkt manipulation by libdnet structures and functions.

* Sun Jun 16 2002 moi-meme <firstname.lastname@example.org>
- pkt.h, pkt.c: Rework this code to eliminate fragroute-specific stuff, and to handle arps.
- PacketHandler.c: Got rid of gotos.

* Sat Jun 15 2002 moi-meme <email@example.com>
- PacketHandler.c, LaBrea.c, LaBrea_init.c, CleanExit.c: Replace the kotb structure by a TAILQ (vrtq). Each virtual server element is a structure of standard libdnet constructs.

* Wed Jun 05 2002 <firstname.lastname@example.org> email@example.com
- Data.c: Move constant strings back into pgms to improve readability. This also prepares for possible gettext internationalisation implementation. Eliminate the Data.c file.
- LaBrea.c: Use warnx to generate error messages. Eliminate goto calls for error handling.
- LaBrea_init.c: Move initialisation stuff to new stand-alone routine. Get rid of gotos.
- labrea.h: Move globals into this include file. Eliminate extern declarations in functions.
- defines.h: Define file names to dynamically build msgs / determine file names depending on op system.
- KOTB.c, IPHandler.c: Move functions into PacketHandler to eliminate -.c includes.
- GoDaemon.c: Eliminate another -c include by moving this code to LaBrea_init.c
- LaBrea.c, LaBrea_init.c, PacketHandler.c, FixArrays.c, CleanExit.c: Start replacing libnet by libdnet. Replace randqueue1 logic by calls to libdnet rand fn.
- FixArrays.c: Eliminate code to parse old-style configuration file syntax.
- defines.h: Change some defines to enum.
- FixArrays.c, LaBrea_init.c, PacketHandler.c: Add port_array logic to dynamically add ports to be monitored. Also add PMN directive which causes specific ports to be monitored. Simplify FixArray parsing logic. Change IP ignore addresses to be a linked list of addr structures so that a range of addresses is expressed in CIDR notation (xx.xx.xx.xx/nn).
/etc/labrea.conf
/usr/sbin/labrea
/usr/share/doc/packages/labrea/AUTHORS
/usr/share/doc/packages/labrea/COPYING
/usr/share/doc/packages/labrea/ChangeLog
/usr/share/doc/packages/labrea/INSTALL
/usr/share/doc/packages/labrea/NEWS
/usr/share/doc/packages/labrea/README
/usr/share/doc/packages/labrea/TODO
/usr/share/man/man1/labrea.1.gz
/usr/share/man/man5/labrea.conf.5.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Jun 20 23:14:37 2015