Changelog for version v-0.8-alpha : 2021-04-24:
MAJOR:
- allow parallel computation on a single slave node (tested)
- add new script to that can detect message ordering CCs in TCP seq. #
(Wendzel, 2019) - add new scripts to detect CCs embedded in MQTT topics and MQTT arti-
ficial re-connect channels (Mileva et al., 2021) - add several new detection scripts written by Kevin Albrechts using
epsilon similarity on different hiding patterns - substantially extended the documentation, in particular:
- add comment on how to run parallel computations on a slave node
- add comment on addressing errors related to limited stack size
- several additional improvements of documentation
- added some new readme files to describe traffic recorings and
detection scripts
- added "reset" functionality: remove content of slave directories in
tmp/ and input/ on startup
MINOR:
- support TCP ack and seq numbers by default
- tiny improvements of code and directory structure; added some sample
traffic recrodings - add kappa framelen+IAT versions that support multiple window sizes
- allow to search for flows that are either TCP or UDP via "udp+tcp"
- add --add-values="..." parameter to nefias_master
- code clean-up
SECURITY FIXES:
- none
FIXES:
- fix handling of IPv6 flows
- make sure ./results, $SLAVE_SCRIPT, $SLAVE_HOSTCONFIG,
$TRAFFIC_SOURCE files exist (and that ./results is a directory) - fix pre-calculation of required chunks in string output
- improved error handling in pcapng2csv.sh
- slightly improved error checking in scripts/nefias_lib.sh
- check whether certain provided cmdline parameters are just "param= "
(empty) - check whether nefias script to be used is actually executable