cipherdyne.org

Michael Rash, Security Researcher



Software Release - fwknop-0.9.1

The 0.9.1 release of fwknop is ready for download. Here is an excerpt from the ChangeLog:
  • Added the ability to specify multiple ports/protocols to access on a server with the --Access command line option.
  • Added the ability to spoof SPA packets over icmp and tcp protocols.
  • Added the ability to restrict access at the server to only those ports defined in the OPEN_PORTS keyword. This option is controlled by a new keyword "PERMIT_CLIENT_PORTS".
  • Bugfix for MD5 sum not being properly calculated over decrypted data. This allowed old packets that contained additional garbage data to be replayed against an fwknop server.
  • Updated to fall back to getpwuid() if getlogin() fails (Blair Zajac).
  • Added --ipt-list to list all current rules in the FWKNOP Netfilter chains.
  • Added --ipt-flush to flush all current rules in the FWKNOP Netfilter chains.
  • Bugfix for the installer dying if ~/lib already exists (Blair Zajac).
  • Updated to delay the loading of server perl modules (Net::Pcap, etc.) so that they are loaded only if we are running in server mode.
  • Bugfix for module directory paths in install.pl.
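
The replay bugfix in the list above, modeled as an added example (not fwknop's own code, which is Perl). It assumes the faulty check hashed the bytes as received while the fix hashes the decrypted message, and it uses a toy keystream cipher, a constructed key and a constructed message format in place of fwknop's real ones.

```python
import hashlib

KEY = b"constructed-demo-key"  # constructed sample key, not a real fwknop key

def _keystream(n):
    # Toy SHA-256 counter keystream; stands in for the real cipher (assumption).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(KEY + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_crypt(data):
    # XOR is symmetric, so this both encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data))))

def parse(plaintext):
    # The message ends at the first newline; anything after it is ignored,
    # which is what lets trailing garbage ride along unnoticed.
    return plaintext.split(b"\n", 1)[0]

class ReplayCache:
    def __init__(self, digest_decrypted):
        self.digest_decrypted = digest_decrypted
        self.seen = set()

    def accept(self, packet):
        message = parse(xor_crypt(packet))
        # Weak: digest of the bytes as received. Fixed: digest of the decrypted message.
        material = message if self.digest_decrypted else packet
        digest = hashlib.md5(material).hexdigest()
        if digest in self.seen:
            return False  # replay detected, packet dropped
        self.seen.add(digest)
        return True

def demo():
    # Constructed message layout: random:user:timestamp:access
    original = xor_crypt(b"8837112233:alice:1160000000:tcp/22\n")
    padded = original + b"\x00garbage"  # same packet with trailing bytes appended
    results = {}
    for name, flag in (("weak", False), ("fixed", True)):
        cache = ReplayCache(flag)
        results[name] = [cache.accept(p) for p in (original, original, padded)]
    return results

if __name__ == "__main__":
    print(demo())
```

In each result list the three entries are the verdicts for the first packet, an exact replay, and the replay with trailing bytes; only the cache that digests the decrypted message rejects the third.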