Projects

OpenBSD

The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system... efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX.

pf

PF (Packet Filter) is OpenBSD's system for filtering TCP/IP traffic, doing Network Address Translation, normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has also been ported to FreeBSD, NetBSD, and DragonFly BSD, and is an integral part of MirBSD.

iodine

This is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD and OpenBSD and needs a TUN/TAP device. The bandwidth is ... [More] assymetrical with limited upstream and up to 1 Mbit/s downstream. [Less]

Aircrack-NG

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact ... [More] aircrack is a set of tools for auditing wireless networks. [Less]

OpenNTPD

OpenNTPD is a FREE, easy to use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock.

denyssh

DenySSH monitors the auth log of a BSD system for failed SSH login attempts and adds repeat attackers to a Packet Filter table, allowing you to define PF rules to block the attacking hosts or redirect them to a honeypot for your amusement.

comixwall

ComixWall Internet Security Gateway is based on OpenBSD and ports/packages, with a user-friendly Web Administration Interface. Main modules featured are pf, Web Filter, IDS, Anti-Virus, Anti-Spam, SMTP/POP3/HTTP/SOCKS/FTP/IM Proxies, Web/DNS/DHCP Servers. The purpose of the ComixWall project is ... [More] to provide an Internet Security Gateway (ISG) that truly deserves its name (another name would be a firewall with UTM features). ComixWall is developed on OpenBSD and ports/packages, which are licensed under either BSD or GPL. ComixWall is, to my knowledge, the first ISG running on OpenBSD. ComixWall will be freely available for all, any it will have all the advanced features of many commercial and closed-source (some half open source) ISG's. This is a very serious undertaking, because, [Less]

greycd

翻译一些xnix方面的英文为主，结合其他的翻译文档 xnix以及平台重要软件的配置以及安全设置

arpon

ArpON (Arp handler inspectiON) is a portable handler daemon with some nice tools to handle all ARP aspects. It has a lot of features and it makes Arp a bit safer. This is possible using two kinds of anti Arp Poisoning tecniques, the first is based on SARPI or "Static Arp Inspection" ... [More] , the second on DARPI or "Dynamic Arp Inspection" approach. Keep in mind other common tools fighting ARP poisoning usually limit their activity only to point out the problem instead of blocking it, ArpON does it using SARPI and DARPI policies. Finally you can use ArpON to pentest some switched/hubbed LAN with/without DHCP protocol, in fact you can disable the daemon in order to use the tools to poison the ARP Cache. However ArpON is also a good tool to a clever sysadmin aware of security related topics. It is a tool born to make Arp secure in order to avoid Arp Spoofing/Poisoning & co. Remember it doesn't affect the communication efficiency of the ARP protocol! Features: - It manages every aspect of the ARP protocol - It replaces utilities such as arp, arping, arpscan - It replaces arpwatch, arpon blocks - It detects and blocks ARP Poisoning/Spoofing attacks in statically configured networks - It detects and blocks ARP Poisoning/Spoofing attacks in dinamically configured (DHCP) networks - It detects and blocks unidirectional and bidirectional attacks - Easily configurable via command line switches, provided that you have root permissions - It works in userspace for OS portability reasons - Tested against Ettercap, Cain & Abel, dsniff The link to ArpON's documentation: http://arpon.sourceforge.net/about.html [Less]

pfelog

pfelog, daemon thats allow security officers explore and analize forwarded traffic on OpenBSDs routers.