
pasmal 1.7 - port knocking and intrusion detection engine

pasmal 1.7 is a TCP/IP packet authentication system.

Port knocking is the current trend, and pasmal 1.7 is a port knocking daemon:

When it receives a sequence of ICMP or TCP packets to any port (open or closed), it issues a command on the server. It uses a "smokescreen frame" that features encrypted authentication packets to defeat sniffers, as well as a TCP/UDP key for remotely activating the system.

pasmal can be configured in text-based mode or from your intranet:

pasmal 1.7 comes with an optional Web-based administrator that can handle all of its filter, firewall, port knocking and encoding key facilities.

Intrusion detection engine:

Thanks to its sniffer capabilities, pasmal 1.7 also acts as an intrusion detection system, protecting itself with an alert-level mode of intrusion.

New features in pasmal 1.7:

- Intrusion detection engine with alert levels and customizable protection. If an intrusion (UDP/TCP) is sniffed and detected, actions are taken to cut it down, depending on the duration of the intrusion (in seconds or packets). For instance, after 1 second of intrusion you can set an iptables filter for the attacking IP; after 15 seconds of attack, you could simply use iptables to filter all source IPs going to your server on the forbidden port.

- The pasmal port knocking engine has been optimized to stop wasting CPU, and has been tested on some heavy-traffic servers. A MAXLOAD option has been added, so when the server's CPU usage is too high, pasmal stops sniffing by itself. An optional daemon (and listening packet) can be added to relaunch pasmal's sniffing mode at any time. This is to avoid DoS attacks.

- pasmal Web(ad)Min has been rewritten in 'ok' English, and has all the necessary configuration tools for pasmal.

- The pasmal default configuration file has been rewritten to be easier to use.
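The alert-level escalation described in the intrusion detection item above can be sketched as follows. This is an added example, not pasmal's own code or configuration format: the class name, the `IDLE_RESET` gap and the exact iptables rules are assumptions, and the rules are only returned as argument lists, never executed.

```python
import ipaddress

# Thresholds from the post's example (seconds of continuous intrusion).
BLOCK_SOURCE_AFTER = 1.0    # level 1: drop the attacking IP
BLOCK_PORT_AFTER = 15.0     # level 2: drop every source to the forbidden port
IDLE_RESET = 30.0           # assumption: a quiet gap this long ends the intrusion

class AlertEscalator:
    """Turns sniffed (time, src, proto, dport) events into iptables argv lists."""
    def __init__(self, forbidden_ports):
        self.forbidden = set(forbidden_ports)
        self.episodes = {}      # (proto, dport) -> [first_ts, last_ts]
        self.sources = {}       # (src, proto, dport) -> first_ts in this episode
        self.blocked = set()    # source keys and port keys that already have a rule

    def observe(self, ts, src, proto, dport):
        """Return the new firewall actions this packet triggers; nothing is executed."""
        if dport not in self.forbidden or proto not in ("tcp", "udp"):
            return []
        src = str(ipaddress.ip_address(src))    # raises ValueError on a non-IP value
        port_key, src_key = (proto, dport), (src, proto, dport)
        ep = self.episodes.get(port_key)
        if ep is None or ts - ep[1] > IDLE_RESET:
            # New episode: restart the port timer and drop stale per-source timers.
            ep = self.episodes[port_key] = [ts, ts]
            self.sources = {k: v for k, v in self.sources.items() if k[1:] != port_key}
        ep[1] = ts
        first_src = self.sources.setdefault(src_key, ts)
        if port_key in self.blocked:
            return []           # the whole port is already dropped
        if ts - ep[0] >= BLOCK_PORT_AFTER:
            self.blocked.add(port_key)
            return [["iptables", "-I", "INPUT", "-p", proto,
                     "--dport", str(dport), "-j", "DROP"]]
        if ts - first_src >= BLOCK_SOURCE_AFTER and src_key not in self.blocked:
            self.blocked.add(src_key)
            return [["iptables", "-I", "INPUT", "-s", src, "-p", proto,
                     "--dport", str(dport), "-j", "DROP"]]
        return []

# Constructed sample events: (seconds, source IP, protocol, destination port).
SAMPLE = [(0.0, "203.0.113.7", "tcp", 23), (0.4, "203.0.113.7", "tcp", 23),
          (1.2, "203.0.113.7", "tcp", 23), (5.0, "198.51.100.9", "tcp", 23),
          (9.0, "198.51.100.9", "tcp", 80), (16.0, "198.51.100.9", "tcp", 23)]

def run_sample():
    engine = AlertEscalator(forbidden_ports={23})
    return [(ts, act) for ts, *pkt in SAMPLE for act in engine.observe(ts, *pkt)]
```

On the sample events, the first source is filtered once it has persisted for a second, and the port-wide rule appears only when the episode passes 15 seconds; traffic to a port that is not forbidden triggers nothing.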

Posted by Meehan James 2004-12-26
