Great Circle Associates Firewalls
(April 1993)


Subject: ANNOUNCE: TAMU Security Tools Package
From: Douglas Lee Schales <drawbridge @ sc . tamu . edu>
Date: Thu, 22 Apr 1993 16:59:48 -0500
To: firewalls @ GreatCircle . COM

              Texas A&M Network Security Package Overview
                    BETA Release 1.0 -- 4/16/93

	                   Dave Safford
	                   Doug Schales
	                    Dave Hess


Last August, Texas A&M University UNIX computers came under extensive
attack from a coordinated group of internet crackers.  This package of 
security tools represents the results of over seven months of development
and testing of the software we have been using to protect our estimated
twelve thousand internet connected devices.  This package includes
three coordinated sets of tools: "drawbridge", an exceptionally powerful
bridging filter package; "tiger", a set of convenient yet thorough
machine checking programs; and "netlog", a set of intrusion detection
network monitoring programs.  While these programs have undergone
extensive testing and modification in use here, we consider this to
be a beta test release, as they have not had external review, and
the documentation is still very preliminary.


For full technical details on the products, see their individual README's,
but here are some highlights to whet your appetite:

		- inexpensive (pc with SMC/WD 8013 cards)
		- high level filter language and compiler
		- powerful filtering parameters
		- DES authenticated remote filter management
		- O(1) table lookup processing for full ethernet
		  bandwidth processing, even with dense class B net
		  filter specifications.	
		- checks key binaries against cryptographic
		  checksums from original distribution files
		- checks for critical security patches
		- checks for known intrusion signatures
		- checks all critical configuration files
		- will run on most UNIX systems, and has tailored
		  components for SunOS, Next, SVR4, Unicos.
		- efficiently logs all tcp/udp establishment attempts
		- powerful query tool for analyzing connection logs
		- "intelligent" intrusion detection program


This package is available via anonymous ftp in
Note that there are some distribution limitations, such as the inability
to export (outside the US) the DES libraries used in drawbridge; see the
respective tool readme's for details of any restrictions.


Comments and questions are most welcome. Please address them to:
	drawbridge @ sc . tamu .
