THC Backdoor ported to OpenBSD - This is a simple but useful backdoor for OpenBSD based on a FreeBSD lkm by pragmatic/THC.
05fcfdd8024ff5dbbf471ea66e27a53a4139f2377df3255c490eb5dd6a1f349a
SRaw for OpenBSD is a kld which makes all users able to open raw sockets. Supported protocols are IPPROTO_RAW, IPPROTO_ICMP, IPPROTO_IPIP, IPPROTO_IPV4, IPPROTO_IGMP.
300627a1e608cd638ff2fafcf814d528749f49e60213764e8e75763181c9f58e
SRaw is a kld for FreeBSD which disables EPERM in socket() and allows an inpcb to be allocated even if the socket is raw and the user does not have root permissions, bypassing suser() in the pru_attach() functions.
1d9e7f1c99f8c59d6f38efccb713756d713efba1264fdc59cc1c0e336e75b6b1
Syscall Monitor for FreeBSD - This tool lets you monitor the use of syscalls on your system and prevent their execution for specified users/groups.
d9917c7e535881afb784448565f8b5f170a26741c2baafcd4b532524c70a54d5
Securelevel Bypass - This kld gives you permission to load/unload a kld and modify a sysctl value even if you aren't root and securelevel is higher than 0.
2a0b20d98a3ea5ceca6c235d0dcd59e29d5642d989f65b4e5095adf6f65c0485
Ksec (Kernel Security Checker) is a tool for FreeBSD and OpenBSD which can find an attacker by direct analysis of the kernel via /dev/mem, bypassing the hiding techniques of the intruder (kernel static recompilation/use of LKMs). KSec can find the modified syscalls from userspace, detect the promisc interfaces, find the modifications applied to a protocol and much more.
1a4530115327bcbd02ef7104acaefc72ddfea1d0db0e12252f7b0ee3fdfa0a1f
LKM for OpenBSD which makes ipfilter always accept packets from a certain IP.
197676aa8158610f0465e0cbff238d7ad65f3f6f057fb6ddd92a4d63386fcc6c
Anti-spoofing lkm for OpenBSD via setsockopt() - detects and logs IP header manipulation.
fca4eaa52977935a2efb9a116a709ae0a74a82aa8047fb6d7c04baf8fddfd9e4
Total obscurity for BPF Promisc Mode. OpenBSD Port.
4075e9176076c0914106ea44b5e66b037da9891ef3eb9c883807688ff1af19b2
SRaw for FreeBSD (sock.c) - Enables all users to open raw sockets.
031d603337d3c77dcca435afe3641d180032d7eff7eda4e2da825be6148d4d91
LKM for FreeBSD which makes ipfilter always accept packets from a certain IP.
d411790929f20a121f5c4adfb5b253210f3b91a01fbfc42a70416a71e1ff5ec4
DETECT UDP SP00FiNG ON OUR FREEBSD BOX VIA KLD.
11818d662899f1f3be9befbe3281444ed8c4bb2041a3cb4441cf83924c29f7d8
LKM Detector - This module lets you compare a syscall with its kernel function, so you can detect any lkm which modifies your system. More documentation available here.
4dd86712125cd0e0aa3f86be78658c7384fc49ad18e49214d42677ca2d36a51b
s0ftpj snmp community name sniffer.
b045cba106f925e47765e9721dffa6e74e74231ba4043f0d3d73f43f57bab70c
IP_HDRINCL protection beta version 1.
7aa4377e96ae6d5a56e9a8b54c43ebb66246e4eb4db2d225719debea79ca60dc
Total obscurity for BPF Promisc Mode.
c8c67b00a7d8e3402342580f91f8c081512aed840c76ef6935fdc3c782677947
This simple source code uses sysctlbyname() to fetch statistics for a protocol that you can use for security purposes or for kernel testing.
f2452776425ae8565c153915701d04ef8305cbbdb0c2a5c86bafeb1133367914
IGMP/ICMP/IPIP/IDP/RSVP/IPIP/IPPROTO_RAW KERNEL CHECKER.
88d150b0fb1f12572bd32f4c4c131012166c8ebc26ac873c1c57d35c641e1113
Anti-spoofing lkm for FreeBSD via setsockopt() - detects and logs IP header manipulation.
6767ad2628aeb75102b54f33c88228bce7c4be5f07f5cbae3e4f3913921460c4
Simple Example of log for bad packets.
76919eef44ccbc084bae1b1b2858c154e8ae5fb096cbd787fb5ffe140a252a27
This kld gives you an example of how you can modify the output function of an Ethernet Interface.
b8193a4ce9a200bd034f7b9a59a6e301442838672141666df6e87261c2ba01be
IPFW-FILTER-REVISION#2 - FreeBSD kernel module that allows a certain IP to bypass ipfilter firewall rules. Tested on FreeBSD 4.0-19990705-CURRENT.
027a95d705dc634b8a0987584bce303b00eba6c0f378350baaac7c490b888686
FreeBSD kernel module which can change options at every layer in a connection.
9d8903cacecd3861b6cda58fe802e06cd717ab2e2925d204ecf4ee06745f5440
BSD kernel module which prevents ipfw from blocking a specified IP address.
eda8204dc0dd9bee437dbd4ef6006b28fdcf118846aa7c66f58d74c79494e86b
This src grabs documents printed on a network printer installed with lpd by sniffing them from the network.
fdd3a4da4b6c7e5bdabff5d056a2cdc6624bc2137b16ee1f75f434459fc2b500