2007-01-07 19:56:18

by Jan Engelhardt

[permalink] [raw]
Subject: [announce] chaostables 0.4

[Not sure if netfilter/nmap-dev bounce when you are not subscribed,
remove if in doubt.]


Hello lists,


chaostables 0.4 has been released. This is a package containing some
netfilter modules to work against nmap and port scans. 'portscan' can
match on stealth, syn, connect scans, also finds FIN-connect scans and
simple banner grabbing. 'DELUDE' works like TARPIT, making it look like
the port is open, but actually does not hold the connection like TARPIT,
hence should not fill up conntrack. 'CHAOS' will deliver what it says:
slows down nmap scans[1] and provides back bogus non-deterministic
replies -- the more even with DELUDE/TARPIT.

For Linux 2.6.18, .19, .20, iptables 1.3.6, 1.3.7. CHAOS
currently requires TARPIT during build and runtime.

'portscan' and 'CHAOS' can also be synthesized by rule logic "only"[2],
giving way to possibly implement it on BSD ipf* too. Details in
doc/fw.html.

Suggestions for improvement are welcome.
Please discuss the usefulness and let me
hear [LKML] any objections for inclusion in Linux mainline too.

http://freshmeat.net/releases/244538/ - this release
http://freshmeat.net/p/chaostables/ - generally


Thanks,
Jan


[1] nmap 3.81 timings have been done back in 2005, but things have
changed a little since 4.x. Redoing the timing benchmarks is already on
TODO.

[2] Requires: connmark && CONNMARK &&
(conntrack || state) &&
(random || nth || statistic || hashlimit)
or equivalent. Depends on how you implement it.