Honeypots mailing list archives

[Announce] AngeL v0.9.0


From: william.miller () gsa gov
Date: Mon, 4 Nov 2002 13:25:48 -0500

Thought this might be of some use to the honeypot list.
Toby Miller
GSA Security Engineer


"A wise man is a man who knows he knows nothing at all"
                          - Socrates
----- Forwarded by William T. Miller/CONTRACTOR/THM/CO/GSA/GOV on 11/04/02 01:23 PM -----

"Paolo Perego" <p_perego@modiano.com>
11/04/02 02:59 AM
Please respond to p_perego

To:      bugtraq () securityfocus com
cc:      (bcc: William T. Miller/CONTRACTOR/THM/CO/GSA/GOV)
Subject: [Announce] AngeL v0.9.0

Hi guys from all over the world. I'm very happy to announce to the world
the new development version of AngeL. AngeL is a Linux kernel module
designed with security as a goal.

However, it is not AngeL's purpose to defend your host from your network
neighbours. AngeL prevents your host from becoming a hostile network
node, i.e., it prevents it from sending hostile packets across the
network. By "hostile" we mean both malicious (e.g., a remote exploit
attempt) and malformed (e.g., with IP or TCP header not properly built)
packets. AngeL operates at network level, blocking all outgoing packets
that match some well-known patterns. This is done using the Linux
kernel firewalling capabilities to capture packets when they go
through the kernel TCP/IP stack. Outgoing packets are inspected, at
header level or at payload level if needed, and a decision is made
whether to let them out or not.

AngeL also operates at host level, trapping a set of system calls by
means of appropriate wrappers. Such wrappers look for badly formed
requests, such as passing a shellcode as parameter to a suid program, or
requesting a fork() within an infinite loop. If AngeL accepts the
analyzed system call invocation, it calls the original system call,
otherwise it refuses the operation to the calling program.

The new development tree goals will be:
1. increasing stability and improving hook performance
2. rewriting the network layer in order to have a more modular design and
make security rule upgrades easier
3. using the LSM ( http://lsm.immunix.org ) framework when kernel
version 2.6 is out.
4. ... more, I guess :)

Please take a look at http://www.sikurezza.org/angel for more details
and to download the new development version ( AngeL 0.9.0 )

Thanks

Ciao ciao
TheSponge

--
$>cd /pub
$>more beer

(0>
//\  Perego Paolo <p_perego () modiano com> - www.sikurezza.org/angel
V_/_ 'It seems the hardest life I've never known'
I'm Linux drow 2.4.19-4GB - SuSE Linux 7.3 (i386) powered.
(See attached file: signature.asc)
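
The header-level egress check described in the announcement, sketched as an added user-space example; this is not AngeL's code or rule set. The verdict names, the particular checks (IPv4 length fields, TCP data offset, null and SYN+FIN/SYN+RST flag combinations) and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical verdict names for this example; not AngeL's own. */
enum verdict { PKT_ACCEPT, DROP_TRUNCATED, DROP_BAD_IP_HDR,
               DROP_BAD_TCP_HDR, DROP_BAD_TCP_FLAGS };
enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_RST = 0x04 };

/* Verdict for one outgoing IPv4 packet; pkt points at the IP header. */
enum verdict egress_verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20) return DROP_TRUNCATED;          /* no full IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* header length, bytes */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if ((pkt[0] >> 4) != 4 || ihl < 20) return DROP_BAD_IP_HDR;
    if (total < ihl || total > len) return DROP_BAD_IP_HDR;
    unsigned frag_off = ((unsigned)(pkt[6] & 0x1f) << 8) | pkt[7];
    /* Only TCP is checked further; later fragments carry no TCP header. */
    if (pkt[9] != 6 || frag_off != 0) return PKT_ACCEPT;
    const uint8_t *tcp = pkt + ihl;
    size_t seg = total - ihl;
    if (seg < 20) return DROP_BAD_TCP_HDR;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;     /* TCP header length */
    if (doff < 20 || doff > seg) return DROP_BAD_TCP_HDR;
    uint8_t flags = tcp[13] & 0x3f;
    if (flags == 0) return DROP_BAD_TCP_FLAGS;    /* "null" segment */
    if ((flags & TCP_SYN) && (flags & (TCP_FIN | TCP_RST)))
        return DROP_BAD_TCP_FLAGS;                /* contradictory flags */
    return PKT_ACCEPT;
}

/* Constructed sample: 40-byte IPv4+TCP packet with no payload. */
void make_sample(uint8_t buf[40], uint8_t ver_ihl, uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0] = ver_ihl;   /* version and IHL */
    buf[3] = 40;        /* total length */
    buf[9] = 6;         /* protocol: TCP */
    buf[32] = 0x50;     /* TCP data offset: 5 words */
    buf[33] = tcp_flags;
}

int main(void)
{
    uint8_t p[40];
    make_sample(p, 0x45, TCP_SYN | TCP_FIN);
    printf("SYN+FIN verdict: %d\n", egress_verdict(p, sizeof p));
}
```

In a kernel module the same decision would be returned from a packet-filter hook on the output path rather than from a plain function.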
