| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: labrea | Distribution: SuSE Linux 8.2 (i586) |
| Version: 2.5b | Vendor: SuSE Linux AG, Nuernberg, Germany |
| Release: 2 | Build date: Tue Oct 7 08:17:06 2003 |
| Group: System/Daemons | Build host: cipher.linux-howtos.com |
| Size: 427855 | Source RPM: labrea-2.5b-2.src.rpm |
| Packager: http://www.linux-howtos.com | |
| Summary: a "Sticky" Honeypot and Intrusion Detection System | |
LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
GPL
* Wed Sep 10 2003 moi-meme <asdfg@localhost.my.domain>
- src/ctl.c (ctl_init_arrays): Remove call to sleep since not
supposed to mix with alarm calls on linux.
- src/utils.c (util_alarm), src/labrea.c: Set alarm and signal
handlers after going into daemon mode so that child will get
signal
- src/labrea_init.c, src/lbio.c: Take out fudge code since
libdnet 1.7 ethopen now uses the libdnet device names (ie eth1,
etc).
* Fri Jul 18 2003 moi-meme <asdfg@localhost.my.domain>
- src/labrea_init.c: Tighten checking on invalid numbers input for
throttlesize, max bandwidth, etc.
- src/utils.c: Correct timer handling so that bandwidth usage will
be properly reported.
- src/utils.c, labrea_init.c, pkt_handler.c: Change maxbw to Kbytes so
as to avoid problems with large bandwidths.
* Thu Aug 29 2002 moi-meme <asdfg@sora.localdomain>
- src/labrea_init.c (labrea_init): Turn off arp sweep if capture
subnet is too large. Also give a msg if subnet is large.
* Fri Aug 09 2002 moi-meme <asdfg@sora.localdomain>
- pkt_handler.c (pkt_handler): Set up a "new kid" elt if someone
replies to an arp request.
* Thu Aug 08 2002 moi-meme <asdfg@sora.localdomain>
- pkt_handler.c (ip_handler): Move firewalling code outside so as
to check dest port of all incoming TCP packets.
* Wed Aug 07 2002 moi-meme <asdfg@sora.localdomain>
- labrea_init.c (labrea_init): Change basic bpf filter to listen
to pkts -sent- to the bogus MAC address only.
- lbio.c (lbio_send_ip_pkt): Make responses appear to come from
bogus virtual machine.
* Tue Aug 06 2002 moi-meme <asdfg@sora.localdomain>
- labrea_init.c, pkt_handler.c, ctl.c, utils.c: Add arp sweep logic to detect live
IPs. Replace nk list by a ptr array.
* Thu Aug 01 2002 moi-meme <asdfg@sora.localdomain>
- labrea_init.c (labrea_init): Change test mode to log on stdout,
and not fork a child. Eliminate notes on Usage message to improve
readability.
* Tue Jul 30 2002 moi-meme <asdfg@sora.localdomain>
- pkt_handler.c (check_ip_ignore_or_new_kid): Remove culling
logic. Only cull inactive entries at each timer pop.
* Sat Jul 27 2002 moi-meme <asdfg@sora.localdomain>
- labrea_init.c (labrea_init): Now will accept long options. Add
read_number rtn to check input integer validity and prevent buffer
overflows. Add new --init-file option to allow user-specified
configuration file. Add code to parse all input before bailing
out.
- labrea.h: Move defines.h to this member. Move prototype
definitions to each individual include member (eg utils.h has
prototypes for util.c).
- includes.h: Move all includes to the corresonding .c source
where the include is needed. This simplifies housekeeping on includes.
* Fri Jul 26 2002 moi-meme <asdfg@sora.localdomain>
- pkt_handler.c (throttle_data): Change newthisminute to depend on
b/w from each connection and not just # of connections.
- ctl.h, utils.c, ctl.c: Change history array to depend on a
defined constant. Change code in same way.
* Mon Jul 08 2002 moi-meme <asdfg@sora.localdomain>
- pkt_handler.c (ip_handler): Change port firewalling logic to use
dynamic port algorithm. That is, ports don't respond to incoming
SYNs until they have seen sufficient activity. Then they start
giving back a SYN-ACK.
- defines.h: Change some defines to enums as per GNU coding
standards.
- utils.c: Move code to run "new kids" list into timer signal
handler so that code will be invoked on a regular basis, but not
at each arp. Also add code in same rtn for dynamic port logic so
that if a port shows activity, it will automatically be monitored.
- labrea.c: Change pcap_loop to pcap_dispatch so that mainline
signal handler code can be called regularly.
* Tue Jun 25 2002 moi-meme <asdfg@sora.localdomain>
- labrea_init.c (labrea_init): Change -n, -m parameters so that
can use libdnet input conversion. User has to enter net/mask in
standard CIDR format. -m parameter no longer supported.
* Thu Jun 20 2002 moi-meme <asdfg@sora.localdomain>
- Utils.c (CleanExit): Split into 2 rtn so that can generate error
code if terminating on error.
* Wed Jun 19 2002 moi-meme <asdfg@sora.localdomain>
- labrea.h, -.c: Move control flags and variables to main ctx
structure. Move signal handlers and utility routines to new util.c
member. Centralize logging.
* Tue Jun 18 2002 moi-meme <asdfg@sora.localdomain>
- PacketHandler.c, FixArrays.c, LaBrea.c, LaBrea_init.c: Replace
u_.. types by libdnet std types. Continue working on replacing
hardcoded pkt manipulation by libdnet structures and functions.
* Sun Jun 16 2002 moi-meme <asdfg@sora.localdomain>
- pkt.h, pkt.c: Rework this code to eliminate fragroute-specific
stuff, and to handle arps.
- PacketHandler.c: Got rid of gotos.
* Sat Jun 15 2002 moi-meme <asdfg@sora.localdomain>
- PacketHandler.c, LaBrea.c, LaBrea_init.c, CleanExit.c: Replace
the kotb structure by a TAILQ (vrtq). Each virtual server element
is a structure of standard libdnet constructs.
* Wed Jun 05 2002 <zoosoo@mybox.localdomain> loren.gordon@videotron.ca
- Data.c: Move constant strings back into pgms to improve
readability. This also prepares for possible gettext
internationalisation implementation. Eliminate the Data.c file.
- LaBrea.c: Use warnx to generate error messages. Eliminate goto
calls for error handling.
- LaBrea_init.c: Move initialisation stuff to new stand-alone
routine. Get rid of gotos.
- labrea.h: Move globals into this include file. Eliminate extern
declarations in functions.
- defines.h: Define file names to dynamically build msgs /
determine file names depending on op system.
- KOTB.c, IPHandler.c: Move functions into PacketHandler to
eliminate -.c includes.
- GoDaemon.c: Eliminate another -c include by moving this code to
LaBrea_init.c
- LaBrea.c, LaBrea_init.c, PacketHandler.c, FixArrays.c,
CleanExit.c: Start replacing libnet by libdnet. Replace randqueue1
logic by calls to libdnet rand fn.
- FixArrays.c: Eliminate code to parse old-style configuration
file syntax.
- defines.h: Change some defines to enum.
- FixArrays.c, LaBrea_init.c, PacketHandler.c: Add port_array
logic to dynamically add ports to be monitored. Also add PMN
directive which causes specific ports to be monitored. Simplify
FixArray parsing logic. Change IP ignore addresses to be a
linked list of addr structures so that a range of addresses is
expressed in CIDR notation (xx.xx.xx.xx/nn).
/etc/labrea.conf /usr/sbin/labrea /usr/share/doc/packages/labrea/AUTHORS /usr/share/doc/packages/labrea/COPYING /usr/share/doc/packages/labrea/ChangeLog /usr/share/doc/packages/labrea/INSTALL /usr/share/doc/packages/labrea/NEWS /usr/share/doc/packages/labrea/README /usr/share/doc/packages/labrea/TODO /usr/share/man/man1/labrea.1.gz /usr/share/man/man5/labrea.conf.5.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat May 18 23:04:33 2013