BackTrack 4 R1 Public Release
Following a limited pre-distribution at BlackHat in Las Vegas, muts and the guys at Offensive Security have released the final version of BackTrack 4 R1. The changes are primarily a kernel update (2.6.34) and improved wireless drivers. All packages have been updated, and a full Fluxbox desktop environment has also been added – see screenshot below and others here.
BackTrack is an Ubuntu-based Linux distribution geared towards hackers/penetration testers, and comes with a variety of pre-installed security tools. The distro can be used as a Live-DVD, or installed like a normal Linux install. BackTrack 4 was released 6 months ago, on the 9th January 2010. The roadmap for the project can be found here.
The R1 ISO weighs in at 2GB and the VMware image is 2.5GB. Both downloads are available here.
[Update] BackTrack r2 (Codename: Nemesis) is now available
ipt_pkd – Single Packet Authorization iptables Extension
I stumbled onto the ipt_pkd project recently, although apparently it’s been around since 2007. ipt_pkd is an iptables extension that allows you to do hash-based Single Packet Authorization directly within the iptables firewall. The project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. The knock program (either a Python script or Windows exe) is used to send a UDP authorization packet.
The authorization packet consists of a SHA-256 hash of the following parameters: packet source port number, current time, some random data and a secret key. The current time and random bytes are then sent in the clear so that the server can recreate the hash. The final knock packet is 64 bytes long, consisting of an 8-byte header, 4-byte id, 8-byte time, 12-byte random value, and the 32-byte SHA-256 hash.
The daemon provides some replay protection by storing the valid hashes it has received and comparing newly received hashes against that list. It also verifies the timestamp to check for freshness.
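The packet layout and the two server-side checks described above, as an added Python sketch that is not ipt_pkd's own code. The header bytes, byte order, hash input order and the 10-second window are assumptions made for illustration; only the field sizes and the hashed parameters come from the description above.

```python
import hashlib, hmac, os, struct, time

HEADER = b"EXAMPLE\x00"                # constructed 8-byte placeholder, not the real header
PKT = struct.Struct("!8s4s8s12s32s")   # header, id, time, random, hash = 64 bytes
WINDOW = 10                            # assumed freshness window, in seconds

def knock_hash(sport, ts, rnd, key):
    # Assumed input order and encoding: source port || time || random || secret key
    return hashlib.sha256(struct.pack("!H", sport) + ts + rnd + key).digest()

def build_knock(sport, key, knock_id=b"\x00\x00\x00\x01", now=None, rnd=None):
    """Client side: time and random bytes travel in the clear, the key never does."""
    ts = struct.pack("!Q", int(time.time() if now is None else now))
    rnd = os.urandom(12) if rnd is None else rnd
    return PKT.pack(HEADER, knock_id, ts, rnd, knock_hash(sport, ts, rnd, key))

class Verifier:
    """Server side: recreate the hash, then apply freshness and replay checks."""
    def __init__(self, key):
        self.key = key
        self.seen = {}                 # accepted hash -> timestamp it carried

    def check(self, packet, sport, now=None):
        now = int(time.time() if now is None else now)
        if len(packet) != PKT.size:
            return "bad-length"
        header, _id, ts, rnd, digest = PKT.unpack(packet)
        if header != HEADER:
            return "bad-header"
        sent = struct.unpack("!Q", ts)[0]
        if abs(now - sent) > WINDOW:
            return "stale"
        # sport is the source port observed on the wire, not a packet field
        if not hmac.compare_digest(digest, knock_hash(sport, ts, rnd, self.key)):
            return "bad-hash"
        # Hashes older than the window would be rejected as stale anyway,
        # so the replay list only needs to cover the freshness window.
        self.seen = {h: t for h, t in self.seen.items() if abs(now - t) <= WINDOW}
        if digest in self.seen:
            return "replay"
        self.seen[digest] = sent
        return "ok"
```

Because the source port is hashed but not carried in the packet, the server has to use the port it observes, so under these assumptions a knock whose source port is rewritten in transit fails with `bad-hash`.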
I haven’t yet had the chance to try this one out or assess the security of the implementation, but it’s interesting to see an implementation in the form of a kernel module/iptables extension. If anyone’s tried this out I’d be interested to hear about it.





