Hi guys from all over the world. I'm very happy to announce the world, the new development version of AngeL. AngeL is linux kernel module designed with security as goal. However, it is not AngeL's purpose to defend your host from your network neighbours. AngeL prevents your host from becoming a hostile network node, i.e., it prevents it from sending hostile packets across the network. By "hostile" we mean both malicious (e.g., a remote exploit attempt) and malformed (e.g., with IP or TCP header not properly built) packets. AngeL operates at network level, blocking all outgoing packets that match some well known patterns. This is done, using the Linux kernel firewalling capabilities to capture packets, when packets go through the kernel TCP/IP stack. Outgoing packets are inspected, at header level or at payload level if needed, and a decision is made whether to let them out or not. AngeL also operates at host level, trapping a set of system calls by means of appropriate wrappers. Such wrappers look for badly formed requests, such as passing a shellcode as parameter to a suid program, or requesting a fork() within an infinite loop. If AngeL accepts the analyzed system call invocation, it calls the original system call, otherwise it refuses the operation to the calling program. The new development tree goals will be: 1. increasing stability and improve hook performance 2. rewrite network layer in order to have a more modular design and make security rules upgrade easier 3. using the LSM ( http://lsm.immunix.org ) framework when kernel version 2.6 will be out. 4. ... more, I guess :) Please take a look to http://www.sikurezza.org/angel for more details and for downloading the new development version ( AngeL 0.9.0 ) Thanks Ciao ciao TheSponge -- $>cd /pub $>more beer (0> //\ Perego Paolo <p_peregoat_private> - www.sikurezza.org/angel V_/_ 'It seems the hardest life I've never known' I'm Linux drow 2.4.19-4GB - SuSE Linux 7.3 (i386) powered.
This archive was generated by hypermail 2b30 : Mon Nov 04 2002 - 14:03:42 PST