SXP

VisNetic Firewall Release Notes

VisNetic Firewall v2.2 (as compared to v2.1.3)
January 16, 2004

New Features:

[1] Tarpits - A "tarpit" is a trap for troublesome outsiders. Your system accepts connections but never replies and ignores disconnect requests. This can leave spammers, worms and port scanners stuck for hours, even days. Now, entries in the Ban List can be set to be tarpits. Also, block rules can become tarpits:
- when "Ban" and "Tarpit" are chosen, the rule creates a tarpit for all IPs that try to connect and match this rule. It tarpits all ports for these IPs
- when "Tarpit" is chosen but not "Ban", the rule creates a tarpit only for matching connections. It tarpits all IPs for just the selected port range.

[2] IP Groups - one rule can match more than one IP or IP range. In the program menu, under Rules, an entry is added near the bottom called "IP Address Groups". When this item is chosen, a window appears for adding, editing and removing IP Groups. An "IP Group" is a set of IP addresses or address ranges that will be used together by rules.

[3] Port Groups - one rule can match more than one port or port range. This feature is very similar to the "IP Groups" feature, but applies to TCP and UDP ports. You can now define Port Groups (see the Rules menu, near the bottom) and on the Filtering page when editing a rule, there is a new entry at the bottom of the "Ports must match:" list called "Group". Choose that and the list of available port groups will appear.

[4] MAC rules now support "trusted" status. TCP, UDP and ICMP rules can now be restricted to apply to systems that you "trust" (they use MAC addresses that you specify in MAC rules). You can now make a new kind of MAC address rule where the action, if the MAC address matches, is simply to elevate this packet to "trusted" status. Normal protocol filtering (using TCP, UDP and ICMP rules) continues.
If a rule matches but is restricted to "trusted" MAC addresses, then the packet will match if and only if it received "trusted" status by a MAC rule. All other packets will not match and the search through the rules will continue for a matching rule.

Improved Log Display information

[5] MAC Groups - one rule can now apply to more than one MAC address.

[6] The log display (when you double-click on a log entry) is improved to show the protocol fields and the contents of the packet that triggered the log entry. This display screen also gives you the option to save the packet information you see to a file (in the Log directory, the file name is based on the timestamp).

[7] Block All option on the Configuration Screen - On the Configuration screen (for each adapter), the "Block All" option has been added so you can choose to block all traffic for that adapter (others can "Filter" or "Allow All")

[8] Command-line addition of Ban List entries - To help link other programs (email, IDS) to the firewall for banning IPs, the following command line can be used:

    DFW.EXE -ban (address) [-expiry {dwn}] [-tarpit] [-reason "(text)"]

where (address) is the IP or IP range, in one of the following formats:

    #.#.#.#          - a single IP address
    #.#.#.#-#.#.#.#  - an IP address range
    #.#.#.#/#.#.#.#  - a masked IP address
    #.#.#.#/N        - a network range (N is typically 8, 16 or 24)

    -expiry  sets when the entry expires (d=1 day, w=1 week, n=never)
    -tarpit  sets this ban entry as a tarpit
    -reason  sets the "Reason" text field (a reminder of the cause of the ban)

The (address) is mandatory, "-expiry", "-tarpit" and "-reason" are optional. If "-expiry" is not supplied, the setting shown on Ban List/Properties is used. The default for "-tarpit" is off. The default for "-reason" is "Added from command line". The ban takes effect immediately.
[9] Command-Line removal of Ban List entries:

    DFW.EXE -unban (address)

Minor Improvements:

[1] The System Tray popup menu has been changed
[2] The "Settings" item has been replaced by the options "Allow All", "Filter" and "Block All", to give immediate control over the firewall state. These controls are exactly the same as with View/Settings/When Running controls.
[3] Added remote admin support for display of the tarpit
[4] You can now right-mouse click on an entry in the tarpit and do "Who is ...?" (but you have to click on the first column to highlight the line).
[5] Improved menu icons
[6] Remote admin support for Groups: IP, Ports, MAC
[7] When a workstation license is found on a server system, the popup message used to simply say, "Bad License". Now it explains that a server license is required on a server Windows platform.
[8] The number of entries in the Ban List is now displayed in the Status Bar.
[9] Added a check for block rules that would prevent passive FTP data channels from being allowed. (Version 2.1 introduced support for Passive FTP where a rule was not required, Stateful Inspection automatically recognized and allowed the data connection. Block rules covering the port range used by Passive FTP data connections would conflict, and this warning is to keep this from happening)

Bug Fixes:

[1] Fix for Win2003/IIS 6.0 crashing problem
[2] Fixes a bug in the Ban List where IPs were not getting banned under certain conditions.
[3] Port scan detection was creating false alarms when detecting ACK scans. For now, ACK scan detection is removed.
[4] Block rules were sometimes displayed with the "-->" or "<--" arrows when they should be displayed as "<-->", since they block connections in both directions.

ftp://ftp2.deerfield.com/pub/current/vfsetup.exe
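
An added example, not part of the original post or the vendor's release notes: when an IDS or mail filter feeds the `DFW.EXE -ban` command line from feature [8], the address and reason come from log data and should be validated before the call. The sketch below assumes "-expiry" takes its letter as a separate argument, rejects non-contiguous masks, and uses a hypothetical `NEVER_BAN` list and `max_hosts` limit.

```python
import ipaddress
import re

# Assumption: networks this integration must never ban (constructed sample values).
NEVER_BAN = [ipaddress.IPv4Network("127.0.0.0/8"),
             ipaddress.IPv4Network("192.168.0.0/16")]

def parse_ban_address(text):
    """Return (first, last) IPv4Address for one of the four documented forms."""
    text = text.strip()
    if "-" in text:                      # #.#.#.#-#.#.#.#  (range)
        lo, hi = text.split("-", 1)
        first, last = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
        if last < first:
            raise ValueError("range end precedes range start")
        return first, last
    if "/" in text:                      # #.#.#.#/#.#.#.# or #.#.#.#/N
        net = ipaddress.IPv4Network(text, strict=False)
        return net[0], net[-1]
    first = ipaddress.IPv4Address(text)  # single address
    return first, first

def build_ban_argv(address, expiry=None, tarpit=False, reason=None, max_hosts=65536):
    """Build an argument list for DFW.EXE -ban, or raise ValueError."""
    first, last = parse_ban_address(address)
    if int(last) - int(first) + 1 > max_hosts:
        raise ValueError("range is wider than max_hosts")
    for net in NEVER_BAN:
        if int(first) <= int(net[-1]) and int(net[0]) <= int(last):
            raise ValueError(f"range overlaps protected network {net}")
    argv = ["DFW.EXE", "-ban", address.strip()]
    if expiry is not None:
        if expiry not in ("d", "w", "n"):   # d=1 day, w=1 week, n=never
            raise ValueError("expiry must be d, w or n")
        argv += ["-expiry", expiry]
    if tarpit:
        argv.append("-tarpit")
    if reason is not None:
        # Log-derived text: drop quotes and control characters, cap the length.
        argv += ["-reason", re.sub(r"[^\w .,:;()/-]", "", reason)[:80]]
    return argv
```

Pass the returned list to the process-creation call as separate arguments rather than joining it into one shell string.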