December 6th 2010
During my last kernel upgrade I recognized that the iptables mirror target I published here, here and here does not work anymore with kernel version 2.6.36. You can download the newer version for 2.6.36 and probably future kernels here:
[download#46] |
|
To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive, run the compile.sh script and the install.sh script.
Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:
$IPTABLES -A INPUT -j MIRROR
Beware: The use of the mirror target may have strange results, i.e. if you want to connect to the iptables protected machine, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. Worst case: if you have two machines using this module they may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.
Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.
[download#45]
[download#12]
[download#13]
[download#14]
[download#32]
[download#39] |
|
regards
Jürgen
Loading...
Posted in kernel, linux, networking, security | 1 Comment »
October 24th 2010
Over time one collects lots of WEP and WPA keys with mobile devices like nokia´s n800 or n810. Often you want to use these keys with other devices or need them after reinstalling the OS.
For maemo based devices like the n800 and the n810 it is quite easy to recover the previously stored wireless keys, since they are stored unencrypted in gconf. Just open an xterm and enter the following line:
gconftool-2 -R /system/osso/connectivity/IAP |egrep ‘(pass|name|wlan_wepkey)’
The output you get is a list containing all wireless keys and network names you stored on the device. Note that the output contains the key first and the network name is being displayed a line below the corresponding key.
Jürgen
Loading...
Posted in linux, maemo, networking, security | 2 Comments »
August 24th 2010
The iptables mirror target I published here and here does not work anymore with kernel version 2.6.35. You can download the newer version for 2.6.35 and probably future kernels here:
[download#39] |
|
It should work with kernels since 2.6.31. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive, run the compile.sh script and the install.sh script.
Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:
$IPTABLES -A INPUT -j MIRROR
Beware: The use of the mirror target may have strange results, i.e. if you want to connect to the iptables protected machine, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. Worst case: if you have two machines using this module they may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.
Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels.
[download#12]
[download#13]
[download#14]
[download#32]
[download#45] |
|
regards
Jürgen
Loading...
Posted in kernel, linux, security | 5 Comments »
October 9th 2009
The iptables mirror target I published here does not work anymore with kernel version 2.6.31. You can download the newer version for 2.6.31 and probably future kernels here:
[download#32] |
|
To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive, run the compile.sh script and the install.sh script.
Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:
$IPTABLES -A INPUT -j MIRROR
Beware: The use of the mirror target may have strange results, i.e. if you want to connect to the iptables protected machine, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. Worst case: if you have two machines using this module they may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.
Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels.
[download#12]
[download#13]
[download#14] |
|
These versions do not work with 2.6.35 kernels. See iptables mirror target for kernel version 2.6.35 for the newer one.
regards
Jürgen
Loading...
Posted in kernel, linux, security | 3 Comments »
April 17th 2009
A while ago I wanted to make my iptables firewall a bit active. During my searches I found the iptables mirror target, which takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. Sadly the mirror target has been dropped somewhere around linux version 2.5 for security concerns. Somewhere in the web I found sources for a 2.5 kernel version and made them work with some 2.6.
I want to share this with the community now. So you can download the modified modules sources on www.mygnu.de. To build the module, boot the kernel version you want to use the module with, and unpack the archive. Afterwards run the compile.sh script and the install.sh script.
Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:
$IPTABLES -A INPUT -j MIRROR
Beware: The use of the mirror target may have strange results, i.e. if you want to connect to the iptables protected machine, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. Worst case: if you have two machines using this module they may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.
Downloads for the most recent kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and probably for future kernels. If you need a version for an older kernel, leave a comment. Then I can look if I have a module version archived for the kernel version you need.
[download#12]
[download#13]
[download#14]
[download#45] |
|
Addon: The 2.6.28 version also works for 2.6.30 kernels.
These versions do not work with 2.6.31 kernels. See iptables mirror target for kernel version 2.6.31 or iptables mirror target for kernel version 2.6.35 for the newer ones.
regards
Jürgen
Loading...
Posted in kernel, linux, networking, security | 14 Comments »