ipfw2shield is a DShield client for ipfw logs, i.e., it inspects
the firewall logs and can mail security reports to dshield.org
The Courier Authentication Library is a generic authentication API used
for two purposes:
1. Read the name of a mail account. Determine the local account's home
directory, and system userid and groupid.
2. Read an account name, and a password. If valid, determine the
account's home directory, system userid, and groupid.
httprint is a web server fingerprinting tool. It relies on web server
characteristics to accurately identify web servers, despite the fact that they
may have been obfuscated by changing the server banner strings, or by plug-ins
such as mod_security or servermask. httprint can also be used to detect web
enabled devices which do not have a server banner string, such as wireless
access points, routers, switches, cable modems, etc. httprint uses text
signature strings and it is very easy to add signatures to the signature
database.
amavisd-new is a performance-enhanced daemonized version of amavis-perl
Note that the installation is different than the original package, and the
integration into your MTA can be different, so please read the README and
INSTALL files very carefully.
amavisd-new also supports SpamAssassin integration.
An automated password generator, using several strong algorithms
for random and/or pronounceable password generation, and a built-in
pseudo-random number generator.
k5start is a modified version of kinit that can use keytabs to authenticate,
can run as a daemon and wake up periodically to refresh a ticket, and can run
single commands with their own authentication credentials and refresh those
credentials until the command exits.
It is commonly used to maintain Kerberos tickets for services that need to
authenticate to minimize the amount of Kerberos-related logic that must be
in the service itself.
The Blowfish Library
Blowfish is a block cipher that operates on 64bit (8 byte) quantities.
It uses variable size key, but 128bit (16 byte) key would normally be
considered good. It can be used in all the modes that DES can be
used. This library implements the ecb, cbc, cfb64, ofb64 modes.
Blowfish is quite a bit faster that DES, and much faster than IDEA
or RC2. It is one of the faster block ciphers.
-- Jim Geovedi
jim@corebsd.or.id
knockd is a port-knock server. It listens to all traffic on an ethernet
(or PPP) interface, looking for special "knock" sequences of port-hits.
A client makes these port-hits by sending a TCP (or UDP) packet to a
port on the server. This port need not be open -- since knockd listens
at the link-layer level, it sees all traffic even if it's destined for
a closed port. When the server detects a specific sequence of port-hits
port-hits, it runs a command defined in its configuration file. This
can be used to open up holes in a firewall for quick access.
libfprint is an open source software library designed to make it easy for
application developers to add support for consumer fingerprint readers to
their software.
lsh is a client that can connect to the corresponding lshd server. It uses
the SECSH protocol, which means that it is compatible with SSH 2.0, except
for file transfer, which is not part of SECSH.
SECSH uses compression and encryption algorithms that are unencumbered, and
lsh itself is GPL.
lsh is not as feature-rich as OpenSSH, as it doesn't currently support
password-protected keyrings, the SSH 1.X protocols, TCP wrappers, etc.
On the other hand, it doesn't require OpenSSL, and doesn't take a lot of
work to avoid patented algorithms.
Port author's notes on usage and common problems can be found at