This patch for Linux IP-masquerading firewalls logs every outgoing masqueraded TCP connection, which makes outbound traffic easier to monitor and trace. It is aimed at network administrators who need visibility into which internal hosts are connecting where.
The patch is compatible with linux 2.2.17, 2.2.19 and 2.2.20, and will probably apply to later 2.2.x kernels as well. Each log entry records which internal machine initiated the connection and which remote machine it was made to. That alone is not enough to attribute a connection to a person, so it does not stop every kind of abuse.
If attacker.yourdomain.com is a multiuser machine with several users logged in, a malicious user can still attack crackme.victim.com from attacker.yourdomain.com and hide among the other users, since the masquerader only sees the host. To close that gap, the masquerader sends an IDENT (RFC 1413) query to the client for the connection's port pair and writes the response into the same log entry next to the source host and the destination host.
Running an IDENT service on every host on the internal network is optional, but recommended. Restricting identd with TCP wrappers so that only the masquerader may query it won't work: because of how the masquerader sits in the network, the query does not arrive from the masquerader's own address as the client sees it. Since remote hosts cannot reach the internal clients through the masquerader, they cannot send IDENT queries to them either, so allowing IDENT queries from "everyone" on the clients is safe enough. Keep in mind that the answer comes from the client host itself: it attributes the connection to a user on a host you trust, but a user with root on that client can return whatever name they like.
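The exchange described above, with both sides in one file so it runs offline, as an added example that is not part of the patch or the kernel code: the masquerader side builds the RFC 1413 query for the connection's port pair, parses the USERID/ERROR reply, and folds it into a log line; a minimal identd stands in for the internal client. The `MASQ ...` log format, the demo identd and its static port-pair table are assumptions for the example, not the patch's own output format.

```python
"""Added example: the RFC 1413 IDENT exchange a masquerading firewall performs
before logging an outbound TCP connection. Not code from the patch."""
from __future__ import annotations

import re
import socket
import threading

IDENT_PORT = 113  # the real identd port; the demo server below uses an ephemeral one

# Response grammar from RFC 1413:
#   <port-on-server> , <port-on-client> : USERID : <opsys> [ , <charset> ] : <user-id>
#   <port-on-server> , <port-on-client> : ERROR : <error-type>
_RESP = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def build_query(port_on_server: int, port_on_client: int) -> bytes:
    """RFC 1413 request line. For the masquerader, port-on-server is the internal
    client's source port and port-on-client is the remote destination port."""
    return f"{port_on_server},{port_on_client}\r\n".encode("ascii")


def parse_response(line: bytes) -> dict:
    """Parse one reply line; raises ValueError on anything outside the grammar."""
    m = _RESP.match(line.decode("ascii", "replace").rstrip("\r\n"))
    if not m:
        raise ValueError(f"malformed IDENT response: {line!r}")
    sport, cport, status, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
    if status == "ERROR":
        return {"sport": sport, "cport": cport, "status": "ERROR", "error": rest.strip()}
    opsys, _, user = rest.partition(":")          # user-id may itself contain ':'
    return {"sport": sport, "cport": cport, "status": "USERID",
            "opsys": opsys.split(",")[0].strip(), "user": user.strip()}


def identd_reply(request: bytes, table: dict) -> bytes:
    """Server side: answer one query from a constructed (port-on-server, port-on-client) -> user table."""
    try:
        a, b = (int(x) for x in request.decode("ascii", "replace").strip().split(","))
    except ValueError:
        return b"0,0:ERROR:INVALID-PORT\r\n"
    if not (0 < a < 65536 and 0 < b < 65536):
        return f"{a},{b}:ERROR:INVALID-PORT\r\n".encode("ascii")
    user = table.get((a, b))
    if user is None:
        return f"{a},{b}:ERROR:NO-USER\r\n".encode("ascii")
    return f"{a},{b}:USERID:UNIX:{user}\r\n".encode("ascii")


def start_demo_identd(table: dict):
    """Start a minimal identd on 127.0.0.1 (ephemeral port) in a daemon thread.
    Returns (listening socket, port); closing the socket stops the thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                                # listening socket was closed
            with conn:
                conn.settimeout(2)
                try:
                    req = conn.recv(512)
                except OSError:                       # slow or silent client
                    continue
                conn.sendall(identd_reply(req, table))

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def ident_lookup(host: str, sport: int, cport: int, port: int = IDENT_PORT,
                 timeout: float = 3.0) -> dict:
    """Client side (what the masquerader does): ask host's identd who owns sport<->cport."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_query(sport, cport))
        buf = b""
        while b"\n" not in buf and len(buf) < 1024:  # reply is a single line
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
    return parse_response(buf)


def log_entry(src: str, sport: int, dst: str, dport: int, ident: dict) -> str:
    """One log line in the spirit of the patch (format is an assumption): source,
    destination and the IDENT result; failed lookups are recorded, not dropped."""
    who = ident["user"] if ident["status"] == "USERID" else f"?({ident['error']})"
    return f"MASQ {src}:{sport} -> {dst}:{dport} ident={who}"


if __name__ == "__main__":
    srv, port = start_demo_identd({(40123, 22): "alice"})   # constructed table
    try:
        r = ident_lookup("127.0.0.1", 40123, 22, port=port)
        print(log_entry("attacker.yourdomain.com", 40123, "crackme.victim.com", 22, r))
    finally:
        srv.close()
```

The client reads until a newline and caps the reply at 1 KiB, and the server answers `INVALID-PORT` for anything that is not a port pair; a real identd on an internal host is subject to the trust caveat above, and a lookup that times out or errors should still produce a log line rather than vanish.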
This release is built against linux 2.2.19 and should not be expected to apply to other kernel versions. For administrators who want to know which internal host, and which user on it, opened a given outbound connection, the patch is a useful addition to a masquerading firewall.
Version 1.0.2: N/A