Changelog

Fri Aug 13 19:31:59 EDT 2010

Site News for 3rd Quarter 2010

The general frequency of the site has been 1-2 times/month. Recently this was changed to a full quarter. The full quarter idea does not seem to work well: too much change. That said, the frequency is likely to change to an average of once/month, meaning a month could pass with no news and then a month with two items, and so forth. Otherwise absolutely nothing here has changed... which is of course a good thing. Quite a few items on the plate, so read on.

Enlightenment Transform Utility (etu) 0.1.8 Cut

A lot of changes with this release of the one and only graphics program I maintain. No remarkable user changes though, so if your installation still uses the epeg library there is no need to upgrade. That said, if you are tracking enlightenment then the current version will not deal with jpeg image formats at all and may be using legacy libraries (if it works at all). Following are the changes made to this version:

  • Migrated source over to git again (my first pass at this last year did not work right).
  • Moved epeg functions to imlib2 (where they now reside in e17).
  • Ran through the valgrind harness.
  • Added file information option.

etu · Coding

Replacing Ping with Nmap for Nagios

From the text:

Sometimes a system administrator needs to get around a few rules that are in place for good (or not) reasons. One example is when networks have ICMP turned off (or even just a portion of it). With ICMP off it can be difficult to configure tools like Nagios for simple up and down checks. In this text: getting around the no-ICMP problem, and a script to handle it for Nagios.

Text

In 2600 2010 Summer Edition

Another article written by yours truly is in the 2600 Magazine. The article is a 10,000 ft. overview about how to set up personal darknets. Eventually material written for 2600 may make its way here. Some in fact already has. This is due to 2600's excellent republish policy, which states that once 2600 prints it the rights revert to the author.

2600 · 2600 2010 Summer

New Feeds for the Site

It only took five years, but finally, for those interested, there are external feeds/pages about the site for those who do not directly suck down the RSS file. They are:

As per the norm if it turns out the feeds/other sites are more or less useless they will be tossed or alternatively simply forgotten.

Taking a crack at Passive Scanning

Probably the most interesting (and incomplete) project at the moment is Netreconn, which now has the beginnings of a passive scanner. So far the lesson learned has been that while snarfing ports and enumerating them per host is easy enough, there are a lot of challenges when using pure passive taps to scan for hosts... which is not really what is going on. What is really going on is that the wire is being watched and particular data is being correlated. Regardless, here are a few of the challenges thus far (anyone interested may feel free to download the code and have a look):

  • Ports need their own data structure to record protocol name(s) and port number. This is a pure laziness issue and I will get to it.
  • The first pass at OS determination will be via port combinations. I have no idea how that will work.
  • Full fingerprinting has been requested. Not sure how to do that yet or even if I want to.
  • Structures need to be sorted. I am saving this for last because I don't know what the structures are yet.
  • How to determine a real service vs. a client port? My thinking right now is N hits and different clients accessing a common singular port. Again, I've no idea how I will implement this.

Otherwise it works; that is to say it can be a bit willy-nilly, but the core engine that gets the data is there. Eventually the plan is to merge all three utilities into one, so scanlan, wiretraf and passive would be one shared codebase. The exception is that I intend to leave a make target to build scanlan (via defines) with no dependencies, so users can just copy the static binary anywhere they need to if they do not have pcap libraries available.
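The service-vs-client-port question above, worked through as an added example (written in Python for illustration; this is not netreconn code, and the record layout, the N thresholds and the function names are my assumptions). It tallies constructed flow records the way a passive tap would hand them over, and only calls a (host, port) a real service when it has been hit enough times AND by enough distinct client addresses, so that one client's ephemeral ports are not mistaken for listeners:

```python
from collections import defaultdict

# Constructed sample flows as seen on the wire: (src_ip, src_port, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.0.0.5", 50213, "10.0.0.1", 22),
    ("10.0.0.6", 41002, "10.0.0.1", 22),
    ("10.0.0.7", 33891, "10.0.0.1", 22),
    ("10.0.0.5", 50214, "10.0.0.2", 80),
    ("10.0.0.5", 50215, "10.0.0.2", 80),     # same client hitting port 80 twice
    ("10.0.0.6", 41003, "10.0.0.3", 443),
    ("10.0.0.8", 38800, "10.0.0.3", 443),
    ("10.0.0.1", 22, "10.0.0.5", 50213),      # return traffic towards an ephemeral port
]


def tally(flows):
    """Map (dst_ip, dst_port) -> (hit count, set of distinct source addresses)."""
    hits = defaultdict(int)
    clients = defaultdict(set)
    for src_ip, _src_port, dst_ip, dst_port in flows:
        key = (dst_ip, dst_port)
        hits[key] += 1
        clients[key].add(src_ip)
    return hits, clients


def classify_ports(flows, min_hits=2, min_clients=2):
    """Return {(host, port): 'service' | 'ephemeral'} for every destination seen.

    A port counts as a service only when both thresholds are met: N hits alone
    would misclassify 10.0.0.2:80 above, which one client hit twice.
    """
    hits, clients = tally(flows)
    result = {}
    for key, count in hits.items():
        is_service = count >= min_hits and len(clients[key]) >= min_clients
        result[key] = "service" if is_service else "ephemeral"
    return result


def services_by_host(flows, **thresholds):
    """Per-host enumeration: {host: sorted list of ports judged to be services}."""
    per_host = defaultdict(list)
    for (host, port), verdict in classify_ports(flows, **thresholds).items():
        if verdict == "service":
            per_host[host].append(port)
    return {host: sorted(ports) for host, ports in per_host.items()}
```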
