sshdfilter automatically blocks ssh brute force attacks by reading sshd log output in real time and adding iptables rules based on authentication failures. Block rules are created by logging on with an invalid user name, or wrongly guessing the password for an existing account. Block rules are removed after a week to maintain a small list of blocks. It also comes with a LogWatch filter.
'NTLM Authorization Proxy Server' (APS) is a proxy software that allows you to authenticate via an MS Proxy Server using the proprietary NTLM protocol. APS has the ability to behave as a standalone proxy server and authenticate HTTP clients at Web servers using the NTLM protocol. It can change arbitrary values in your client's request headers so that those requests will look like they were created by MS IE. It is written in Python 1.5.2.
floppyfw is a router and simple firewall on one single floppy. It uses Linux basic firewall capabilities, and has a very simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines, using both static IP, DHCP, and PPPoE, and provides a simple installation, which usually involves editing of only one file on the floppy.
HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy. This tunnel can then be used to wrap arbitrary TCP socket traffic in HTTP, thus allowing communications even through a restrictive firewall that only allows outgoing HTTP connections.
360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate, and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA, or ScreenOS commands. It is all contained in one file. It can read policy and logs for: Checkpoint FW1 (in odumper.csv / logexport format), Netscreen ScreenOS (in get config / syslog format), and Cisco ASA (show run / syslog format). It uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalization at the same time as removing unused connectivity. It supports policy to log association, object translation, rulebase reordering and simplification, rule moves, and duplicate matching automatically. It allows you to seamlessly move rules to where you need them. 'print' mode creates a spreadsheet for your audit needs with one command.
Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing daemon) as well as various rc scripts and documentation. It is known to interoperate with other IPSEC and IKE system already deployed by other vendors such as OpenBSD, Cisco, or CheckPoint. It also features Opportunistic Encryption, subnet extrusion, and with the appropriate patches interops nicely with Microsoft Windows XP/2000 using X.509 certificates.
CIPE (Crypto IP Encapsulation) is an ongoing project to build encrypting IP routers. The protocol used is as lightweight as possible. It is designed for passing encrypted packets between prearranged routers in the form of UDP packets. This is not as flexible as IPSEC but it is enough for the original intended purpose: securely connecting subnets over an insecure transit network.
The MiniUPnP project is a library and a daemon. The library is aimed to enable applications to use the capabilities of a UPnP Internet Gateway Device present on the network to forward ports. The daemon adds the UPnP Internet Gateway Device functionality to a NAT gateway running OpenBSD/NetBSD/FreeBSD/Solaris with PF/IPF or Linux 2.4.x/2.6.x with netfilter. One of its most interesting features is to enforce some permissions to allow or deny redirections, bringing some security to UPnP. Newer versions also support the NAT-PMP protocol from Apple.