root/fwknop/tags/fwknop-1.9.4/CREDITS

Revision 1104, 8.5 kB (checked in by mbr, 4 months ago)

- Bugfix to not open ports that are not specifically requested in an SPA
packet even if those ports are listed in the OPEN_PORTS variable in the
access.conf file.

David Jacobs
    - Suggested IP/network lists in SOURCE definitions
    - Wording fixes in fwknop(8) manpage.
    - Assisted in fwknop-1.9.2 testing.

Brian Snipes
    - Wrote a graphical front-end for fwknop called "fwknopFE":
        http://www.snipes.org/index.php?page=fwknopFE
    - Found bug with legacy fingerprinting file "posf".

Joel Loudermilk
    - Submitted patch to optionally disable email alerting.  The end result
      was the addition of the REPORT_METHOD keyword in fwknop.conf.

Blair Zajac
    - Submitted patch to not install perl modules in /usr/lib/fwknop/ that
      are already installed in the system perl lib tree.
    - Submitted patch to use getpwuid() instead of just getlogin().
    - Submitted patch to fix bug in install.pl and how the ~/lib directory
      is created in client install mode.
    - Found bug with perl module file paths and naming convention (this bug
      resulted in some modules being needlessly installed).
    - Suggested that fwknop handle rotated log files (even pcap logs get
      rotated on some systems).
    - Suggested that modules only required in server mode are not used at
      runtime when running fwknop in client mode.
    - Suggested -O optimization in Makefile.
    - Found bug where log rotation detection would break under the size
      change detection method.  The result was the inode check in 0.9.6.
    - Found bug where some Linux distributions have /var/run as type tmpfs,
      and this caused fwknopd to die because it couldn't write to its PID
      file.
    - Suggested command path update code in install.pl so that the user does
      not always have to edit the fwknop.conf and knopwatchd.conf files if
      the system does not have commands in the default locations.

Will McCracken
    - Reported bug on OS X where getlogin() does not return the correct
      data.  This permitted fwknop to be updated to fall back to ENV{'USER'}
      var.

Omar A. Herrera
    - Submitted a patch to fix a timeout bug in knoptm that caused newly
      created rules to be deleted too quickly.

Werner Wiethege
    - Submitted a patch to fix a bug in knoptm where inappropriate hash
      keys were being deleted and so previous timeouts would apply to the
      current interval.

Ronald Bister
    - Submitted a fix for not being able to parse ifconfig output correctly
      when languages besides English are used.

Hank Leininger
    - Suggested privilege separation to minimize code that executes as root.
    - Suggested NULL password GPG keys.
    - Suggested integration with ssh-agent and gpg-agent.

Dwayne Rightler
    - Submitted patch to fix bug where whatismyip.com altered their return
      data format and this broke the -w command line switch.

Sebastien Jeanquier
    - Contributed more rigorous regular expression for matching an IP address.
    - Suggested allowing symmetric keys to exceed 256 bits.
    - Suggested using Crypt::Random for random number generation.
    - Suggested the integration of time synchronization as an additional
      measure for the fwknopd daemon to validate incoming SPA packets (this
      will probably be enabled by default).
    - Suggested a new method of interacting with iptables to redirect
      connections to one port to another port on the same system.
    - Suggested making the --Spoof-user argument useable by non-root users.
    - Suggested the ability to randomize a spoofed IP address.
    - Suggested building in compatibility with external IP resolution sites
      such as http://www.whatismyip.com/
    - Provided a Mac OS X system to develop fwknop support for OS X.  Many
      thanks!
    - Helped with the testing process for fwknop-1.8.2 and OS X support.
    - Suggested the integration of SHA256 for replay attack detection.
    - Suggested the OPEN_PORTS fix to not open ports that are not
      specifically requested in an SPA packet.
    - Noticed the bug where the "keep-state" option was not noticed when
      checking for state tracking rules in ipfw policies.

Mate Wierdl
    - Contributed patch (originally for the psad project) for building the
      RPM on x86_64 platforms.

Raul Siles
    - Bug report to allow OPEN_PORTS to be omitted in access.conf in favor of
      having only PERMIT_CLIENT_PORTS enabled.

Leland Weathers
    - Submitted patch to allow the GPG_REMOTE_ID variable to have the value
      "ANY" to allow arbitrary gpg signing keys to match the SOURCE block.

Juuso Alasuutar
    - Suggested that the install.pl script offer a mode where the user is not
      prompted at all in order to make it easier to integrate fwknop with
      the Source Mage Linux distribution. The result is the --Defaults option
      to the install.pl script.
    - Suggested the ability to use gpg keys without passwords.

Neal Baer
    - Tested the fwknop-1.8 release for Windows systems (running Cygwin).
    - Tested the cd_rpmbuilder script on SuSE systems.

Graham Clark
    - Suggested man page documentation bug fixes.

Roy Segovia
    - Submitted patch to fix print statement bug in command mode where the
      command was inappropriately prepended with the source IP address.
    - Reported bug with running fwknop under Cygwin on Windows 2003 Server,
      which reports 'Gygwin' under the 'uname -o' output.

Mark Van De Vyver
    - Reported a bug where the iptables command path was not being properly
      discovered if it did not reside at the default location specified in the
      fwknop.conf file.
    - Submitted various documentation issues with the fwknop man pages. The -D
      option in fwknop-1.8.2 resulted from this feedback.
    - Reported a bug where the .xsession.errors file would fill with output
      logged by fwknop when null passwords were read from stdin.

Flavio Machado
    - Reported command mode bug where the source IP address is not properly
      communicated to the SPA server.

Eggert Ehmke
    - Reported resolution bug with http://www.whatismyip.com/.  The result was
      the interpretation of the link designed for automated scripts:
      http://www.whatismyip.com/automation/n09230945.asp

Luis Martin Garcia
    - Suggested using http://www.whatismyip.org/ instead of
      http://www.whatismyip.com/

Gerry Reno
    - Reported legacy knopwatchd.conf file in RPM package in fwknop-1.8.2.

Sean Greven
    - Submitted patch for enhanced 'fwknopd --debug' output to include raw hex
      dumps of SPA packet data before and after attempted decryption
      operation. This allows the integration of cipher implementations other
      than Crypt::Rijndael or GnuPG ciphers to be validated.
    - Contributed a UI written in Delphi that runs on Windows platforms and
      builds its own SPA packets without using the fwknop client.  This is an
      important development, since it proves that third-party UI integration
      is possible.

Franck Joncourt
    - Performed analysis of locale settings and suggested using the LC_ALL
      environmental variable instead of the LANG variable (which is superseded
      by LC_* vars).

Jose Luis Bellido
    - Provided testing support for fwknop running on systems with Spanish
      locale settings, and validated fwknop GnuPG communications.

Marius Rugan
    - Suggested the ability to add firewall accept rules to the iptables
      OUTPUT chain.

Grant Ferley
    - Submitted patch to handle SIGCHLD in IPTables::ChainMgr.
    - Submitted patch to handle Linux "cooked" interfaces for packet capture
      (e.g. rp-pppoe interfaces).

The SPAPICT Team
    - The SPAPICT Team consists of the following people:
            Ambar Seksena (advisor)
            Nippun Goel (advisor)
            Abhishek Rahirikar (developer)
            Aaditya Badve (developer)
            Saurabh Jain (developer)
            Satyajit Deshpande (developer)
    - Submitted patch to implement client-defined firewall access timeouts.
    - Submitted patch to implement SHA1 digests in SPA messages.
    - Made various suggestions for the implementation of important fwknop
      extensions, such as the integration architecture with Kerberos.

BoneKracker
    - Made a post to a Gentoo forum entitled "Single-Packet Authentication
      (Crypt-Port-Knocking) in BASH".  In this post it is mentioned that SPA
      packets can be sent over random ports, and this suggestion is now
      implemented in fwknop-1.9.4 in two forms: the --rand-port option, which
      sends the SPA packet itself over a random UDP port, and --NAT-rand-port
      which selects a random port encrypted within an SPA packet that is used
      by the fwknopd server to forward connections over.

Kevin Hilton
    - Suggested making the init script position as "99" instead of "20" on
      Ubuntu systems.