FreeIPS / News: Recent posts

Port to NetBSD

As the NetBSD 2.0 release is just around the bend, research is being done to port FreeIPS to NetBSD. Included in the project will be not only the FreeIPS userland app, but also a kernel module for an ipdivert-like system.

In the first stage of design, we are looking at two separate parts of FreeIPS for NetBSD: one being a kernel module, and the other being the userland app. The only other way to do it would be to put the whole project in kernel-land. That would be insecure. This way allows for tighter security at the kernel level. All code that goes into the kernel module will be looked over with utmost care....

Posted by Shawn Webb 2004-08-25

FreeIPS 2.0 Released

We are excited to announce the release of FreeIPS 2.0. It is a complete rewrite of the original FreeIPS. It contains many advancements.

Here are some of the highlights:
1) Faster, more efficient packet-check algorithms
2) New, more flexible configuration file syntax
3) TCP and UDP intrusion detection scheme moved to plugins
4) Configuration file validation
5) Faking of accepting a packet

We are excited to see how future FreeIPS versions do. We are still working on a heuristic packet analysis engine, as well as a stateful packet analysis engine.

Posted by Shawn Webb 2004-08-15

FreeIPS 2 Status

I feel confident to say that FreeIPS 2 will be available for beta test within the first two weeks in August.

I wrote all the base code (423 lines) in just a little over an hour today. All that's left to do is write the TCP and UDP intrusion prevention code.

I will still require pcre. But I'm going to try to stay away from libnet. Why require a library when I can include the code myself? Of course, I'll be getting some help from friends.

Posted by Shawn Webb 2004-07-28

FreeIPS 1.1 to be released

It's been a long time, I know. But I've been _very_ busy with school, 4 jobs, and a social life. Sorry for the long wait...

Included in this release:
1) TCP RST+ACK back to malicious client and victimized server
2) Major algorithm improvements
3) Plugins system more flexible and stable
4) Various bug fixes (along with vulns I reported to Bugtraq)

FreeIPS 1.1 now also depends upon libnet (to send TCP RST+ACK). If you don't have libnet, please get it....

Posted by Shawn Webb 2004-07-11

FreeBSD 5 status

I recently switched to FreeBSD 5-CURRENT. There are memory issues when MALLOC_EXTRA_SANITY is turned on in libc. It is turned on by default.

FreeIPS runs fine in FreeBSD 5-CURRENT with MALLOC_EXTRA_SANITY turned off. There is no problem with my code.

If you want to be able to use FreeIPS before 5 reaches -STABLE, you'll have to edit /usr/src/lib/libc/malloc.c and edit two lines:

(line numbers not shown)
where you see "#ifndef MALLOC_EXTRA_SANITY", put:
"#ifdef MALLOC_EXTRA_SANITY"...

Posted by Shawn Webb 2004-06-18

FreeBSD 5 and FreeIPS

Do _NOT_ use FreeBSD 5.x and FreeIPS. There are bugs that needed to be worked out. We will be working out the bugs either when we see a desire by our users, or when we upgrade to FreeBSD 5.x.

As for FreeBSD 4.x, you are free to use it at your will.

Posted by Shawn Webb 2004-06-01

Back to Work

Well, after a hard drive crash, we are finally getting back up to coding. We've just got two things left to do before we can release the next version. One of the things, ICMP Unreach to malicious client, should take just a couple minutes to implement.

The other, TCP RST+ACK to malicious client, should take possibly a couple days to a couple weeks.

After that, we'll be working full-time on plugins.

Posted by Shawn Webb 2004-05-25

CVS is up

We're now using SourceForge's CVS system. In some confusion, two modules were created: current and freeips-current. We will be using freeips-current.

Posted by Shawn Webb 2004-05-01

Mailing lists created

I've set up three mailing lists, freeips-current@, freeips-stable@, and freeips-plugins@.

freeips-current tracks all the changes to the -current CVS system. freeips-stable tracks all the changes in the -stable CVS system. freeips-plugins tracks changes between the plugin API and the officially supported plugins. Plugin API can change, due to new features that plugin authors may want to use.

Posted by Shawn Webb 2004-04-30

FreeIPS Registered

Well, I've got the project registered. I've just got to prep the code for a release. I should have a release up this weekend.

The code is FreeBSD-only right now, and you need to have IPDIVERT compiled into your kernel.

Posted by Shawn Webb 2004-04-30