OSDN -- 开发和下载开源软件
简体中文翻译状态 translation status for zh

RSS
Download List

项目描述

fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.

系统要求

System requirement is not defined
Information regarding Project Releases and Project Resources. Note that the information here is a quote from Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2012-12-10 11:07
2.0.4

在服务器端,此版本添加 chain_exists() 复选 SPA 规则创建以便如果删除的任何 fwknop 链是出从 fwknopd 下,他们将在飞上重新创建。它将新 SPA 数据包侦察系统功能添加到要协助的水疗中心操作验证的测试套件。它将添加新贵配置运行暴发户守护程序的系统。OpenBSD ndbm/gdbm 用法修复错误。ICMP 类型代码参数已经添加了用于当 SPA 数据包通过 ICMP 发送的客户端命令行。
标签: Stable
On the server side, this release adds a chain_exists() check to SPA rule creation so that if any of the fwknop chains are deleted out from under fwknopd, they will be recreated on the fly. It adds new SPA packet fuzzing capability to the test suite to assist in validation of SPA operations. It adds upstart config for systems running the upstart daemon. An OpenBSD ndbm/gdbm usage bugfix. ICMP type/code client command line arguments have been added for when SPA packets are sent over ICMP.

2012-01-04 03:09
2.0

这是 fwknop C 重写的生产版本。它为三个不同的开放源码防火墙 (iptables,除去规则例子: 和 pf)、 嵌入式的系统和移动设备带来了单个数据包授权。Fwknopd 服务器运行在 Linux、 Mac OS X、 FreeBSD,OpenBSD 上。在客户端上的所有这些平台,以及 Android、 iPhone 和这个软件在 Windows 下的运行。此外,客户端是便携式的并可以编译为本机 Windows 二进制文件。
This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.

2011-12-15 07:35
2.0rc5

此版本添加了 OpenBSD PF 的支持,添加新的 FORCE_NAT 模式,以透明的方式强制经过身份验证的连接到指定的内部系统,添加一个全面的测试套件,并添加自动过期水疗中心键的能力。发了几个内存处理错误修正。
This release adds OpenBSD PF support, adds a new FORCE_NAT mode to transparently force authenticated connections to specified internal systems, adds a comprehensive test suite, and adds the ability to automatically expire SPA keys. Several memory handling bugfixes were made.

2009-09-09 22:35
1.9.12

该FKO模块是libfko库的一部分是完全集成的所有水疗套路:加密/解密,消化计算,重放攻击检测,等恢复的能力从接口错误条件加入如当fwknopd吸PPP接口, (比如,与相关的VPN)的消失,然后重新创建。该fwknop客户端更新,以包括前DNS解析的温泉疗养胜地发送时通过HTTP请求数据包的水疗。
The FKO module that is part of the libfko library was fully integrated for all SPA routines: encryption/decryption, digest calculation, replay attack detection, etc. The ability to recover from interface error conditions was added, such as when fwknopd sniffs a ppp interface (say, associated with a VPN) that goes away and then is recreated. The fwknop client was updated to include the SPA destination before DNS resolution when sending an SPA packet over an HTTP request.

2009-05-13 19:10
1.9.11

支持,并加入ipfw的“集合”在FreeBSD和Mac OS X系统。关于该是与旧版本的libpcap某些情况下,暴露Debian系统段错误是固定的。在- ICMP的类型和- ICMP的代码的命令行参数增加了客户的fwknop以手动设置ICMP类型/代码值当使用“ -斯波夫,原始的ICMP”或“ -服务器原始的ICMP “。支持,增加了多个包含/排除测试识别字符串(以逗号分隔)。
标签: Major
Support was added for ipfw "sets" on FreeBSD and Mac OS X systems. A segfault on Debian systems that was exposed in some circumstances with older versions of libpcap was fixed. The --icmp-type and --icmp-code command line arguments were added for the fwknop client in order to manually set the ICMP type/code values when using "--Spoof-proto icmp" or "--Server-proto icmp". Support was added for multiple include/exclude test identifying strings (separated by commas).

Project Resources

Project Page 下载: bzip2 下载: 变更日志 首页 下载: List 下载: Mirror 下载: RPM 下载: TGZ