Timestamp:
03/02/08 02:40:01 (9 months ago)
Author:
mbr
Message:

- Crypt::CBC adds the string "Salted" to the beginning of the encrypted
text (at least for how fwknop interfaces with Crypt::CBC), so the fwknop
client was updated to delete the encoded version of this string
"U2FsdGVkX1" before sending a Rijndael-encrypted SPA packet on the wire.
The fwknopd server will add this string back in before decrypting. This
makes it harder to write an IDS signature that looks for fwknop traffic;
e.g. look for the default prefix string "U2FsdGVkX1" over UDP port 62201,
which would work for fwknop clients < 1.9.2 (as long as the port number
is not changed with --Server-port).
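The prefix handling described in this commit message, as an added Python illustration; it is not fwknop code and not part of the original commit. The function names and the restore-if-missing logic are assumptions, the salts and ciphertext are constructed stand-ins, and no Rijndael encryption is performed. It goes slightly beyond the message by also reporting the first character left on the wire after stripping.

```python
import base64

MAGIC = b"Salted__"      # header string from the ChangeLog entry
PREFIX = "U2FsdGVkX1"    # constant base64 prefix named in the commit message
DEFAULT_PORT = 62201     # default SPA UDP port named in the commit message


def encode_salted(salt: bytes, ciphertext: bytes) -> str:
    """Base64 of header + 8-byte salt + ciphertext (ciphertext is a stand-in)."""
    if len(salt) != 8:
        raise ValueError("salt must be 8 bytes")
    return base64.b64encode(MAGIC + salt + ciphertext).decode("ascii")


def strip_prefix(encoded: str) -> str:
    """Client side, as the message describes: drop the constant prefix."""
    return encoded[len(PREFIX):] if encoded.startswith(PREFIX) else encoded


def restore_prefix(wire: str) -> str:
    """Server side: add the prefix back before decoding (assumed logic)."""
    return wire if wire.startswith(PREFIX) else PREFIX + wire


def matches_legacy_signature(payload: bytes, dport: int) -> bool:
    """The IDS-style check from the message: prefix over the default port."""
    return dport == DEFAULT_PORT and payload.startswith(PREFIX.encode())


def demo():
    """Run constructed salts through strip/restore and the signature check."""
    rows = []
    for first in (0x00, 0x40, 0x80, 0xFF):           # constructed salt bytes
        salt = bytes([first]) + bytes(7)
        full = encode_salted(salt, b"\x00" * 32)      # constructed ciphertext
        wire = strip_prefix(full)
        rows.append({
            "old_client_flagged": matches_legacy_signature(full.encode(), DEFAULT_PORT),
            "new_client_flagged": matches_legacy_signature(wire.encode(), DEFAULT_PORT),
            "round_trip_ok": base64.b64decode(restore_prefix(wire)).startswith(MAGIC),
            "first_wire_char": wire[0],
        })
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last column shows that the character following the stripped prefix still encodes the low four bits of the final "_" in the header, so it takes only four values.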

Files:

  • fwknop/trunk/ChangeLog

    r1025 r1026  
    11fwknop-1.9.2 (02//2008): 
     2    - Crypt::CBC adds the string "Salted__" to the beginning of the encrypted 
     3      text (at least for how fwknop interfaces with Crypt::CBC), so the fwknop 
     4      client was updated to delete the encoded version of this string 
     5      "U2FsdGVkX1" before sending a Rijndael-encrypted SPA packet on the wire. 
     6      The fwknopd server will add this string back in before decrypting.  This 
     7      makes it harder to write an IDS signature that looks for fwknop traffic; 
     8      e.g. look for the default prefix string "U2FsdGVkX1" over UDP port 62201, 
     9      which would work for fwknop clients < 1.9.2 (as long as the port number 
     10      is not changed with --Server-port). 
    211    - (Grant Ferley) Submitted patch to handle SIGCHLD in IPTables::ChainMgr. 
    312    - (Grant Ferley) Submitted patch to handle Linux "cooked" interfaces for
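
Review bot: the new entry (new lines 2-10) says fwknopd adds "U2FsdGVkX1" back before decrypting but does not say whether the server still accepts packets from clients < 1.9.2 that send the prefix themselves; one sentence on that would tell operators whether clients and servers have to be upgraded together. The release header also still reads "(02//2008)" with the day missing. Since the stated goal is to resist an IDS signature, the entry could note that the character following the stripped prefix is still limited to four base64 values ("8", "9", "+", "/"), because it encodes the last four bits of "Salted__".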