Version 0.12 (2005-03-29)
=========================

- FEATURE: added an '--action' option to execute a program when a
  disallowed MAC packet is detected
- MINOR LEGACY BREAKAGE: sorting of IP addresses now happens in an
  endian-neutral manner. This can change the behavior in ambiguous
  configurations.
- MINOR LEGACY BREAKAGE: support for the old logging format was
  physically removed from the source.

Version 0.11 (2004-12-16)
=========================

- FEATURE: hosts with a certain MAC can be blocked regardless of the
  IP. This feature has the syntax '*@' and can be used e.g. to isolate
  hosts which are infected by worms or viruses.
- LEGACY BREAKAGE: '--poison --mac 802.3x --direction BOTH' are now
  the default options, as already announced in version 0.8.

Version 0.10 (2004-06-17)
=========================

- cleaned up the code; use reusable variants of the vector* and fmt*
  functions
- fixed compilation with dietlibc 0.26
- LEGACY BREAKAGE: use tai64n timestamps for logging
- LEGACY BREAKAGE: remove the complicated 'minit' run-script; it is
  now a symlink and options must be configured in 'params' manually

Version 0.9 (2003-12-16)
========================

- networks with '@MAC' statements now take precedence over those with
  the same netmask but without such statements. This makes it possible
  to declare a pool of MACs within a network with dynamic IP
  assignment. This change affects only ambiguous configurations, which
  had undefined behavior in previous versions.
- BUGFIX: requests matching negated '@!MAC' statements now take
  precedence over later, more general matches (reported by Sergeev
  Sergey)
- added workarounds for a bug in dietlibc-0.24's printf() function
  (affects testsuite only), and a gcc optimization bug
  (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=110966)

Version 0.8 (2003-10-31)
========================

Default options/behavior have not been changed yet, but chances are
high that they will become '--poison --mac 802.3x --direction BOTH'.

- FEATURE: added '--poison' option which enables the generation of
  ARP replies for the IP of intruders when the intruder sends an ARP
  request. When using the negated '@!MAC' syntax, this MAC will be used
  for the questionable IP. This option works only when
  '--direction FROM|BOTH' is used. Inspired by ideas of Sergeev Sergey.
- BUGFIX: in '--direction FROM' mode, ignore 0.0.0.0 automatically
  since it is used for duplicate address detection and/or DHCPDISCOVER
  messages
- made generated (tha,tpa) ARP parameters RFC 826 compliant; formerly,
  broadcast values were used. It will require some testing to see
  which version is more effective/working.
- FEATURE: allowed to specify MAC addresses for source IP addresses.
  This makes it possible to disturb intruders which are using
  officially assigned IP addresses. This feature has the syntax
  'ip[/mask][@mac]' and takes effect only on packets coming *from*
  intruders. Inspired by Mark Pierce.

Version 0.7 (2003-09-09)
========================

NOTE: large parts of the project were touched to implement the new
scheduler. It has been tested extensively, but if you encounter
problems, it is recommended to go back to version 0.6 (after you
reported those problems to me, of course).

Future versions will probably default to '--mac 802.3x',
'--llmac LOCAL' and '--direction BOTH'; but the current version still
uses the legacy '--mac RANDOM' and '--direction TO' defaults.

- added comprehensive 'simulate' testsuite program which prints out
  the ether/arp headers which would be generated by the real program
- added '--llmac' option to configure the MAC address used in
  link-level headers when answering a request *from* intruders
- FEATURE: ip-sentinel will also answer ARP requests *from* intruders.
  This feature is disabled by default; you can enable it with the new
  '--direction FROM/BOTH' cmdline option. Suggested by Mark ZZZ Smith.
- FEATURE: changed from forked worker processes to one worker process
  with its own scheduler; this allows increasing the number of pending
  ARP replies significantly (formerly 40, now 511; see
  src/parameters.h) without lowering system performance.
- LEGACY BREAKAGE: enhanced/changed the log format; if you want the
  old one, go into Worker_printJob() in src/worker.c and change the
  '#if 0' to '#if 1'. Note that this preprocessor directive can and
  will disappear in future versions without explicit warnings.
- FEATURE: a '--mac' option was added which allows specifying the MAC
  address to use; this option and the config file understand special
  values like '802.1d' or '802.3x'. This was suggested by Mark ZZZ
  Smith.

Version 0.6 (2003-08-06)
========================

- FEATURE: support for numeric IP ranges was added; suggested by Jon
  Belanger
- ship minit run-script in contrib/

Version 0.5 (2003-07-15)
========================

- BUGFIX: on hosts with multiple interfaces, ip-sentinel listened on
  all of them instead of only on the one given on the cmd-line. Thanks
  to Sergeev Sergey for reporting this.
- enhanced RHL-initscript

Version 0.4 (2003-05-27)
========================

- logging was enhanced
- anti-DOS limits were increased a little bit
- FEATURE: it is allowed to specify a MAC for networks
- build with RH 5.2 was fixed
- a lot of minor cleanups

Version 0.3 (2002-11-27)
========================

- minor code-cleanups
- certain mechanisms (anti-DOS, vector-resizing, sliding random MACs)
  were documented and parameterized; see src/parameters.h for details
- BUGFIX: broken signal-handling with dietlibc was fixed (dietlibc
  sets the SIG_DFL handler when entering a handler and -- in contrast
  to glibc-2.3.1 -- does not restore this value to the handler set
  with signal())
- BUGFIX: stupid typo in vector-resize code which caused excessive
  memory consumption was fixed
- testsuite was modified to give more deterministic results with
  different bsort() implementations

Version 0.2 (2002-11-22)
========================

- build-fixes with RH 6.2
- minor build-fixes
- documentation was added

Version 0.1 (2002-11-16)
========================

- initial release