11/7/2023 0 Comments Packet stream proxies![]() It can apply extra layers of authentication based on IP, DNS lookups, geolocation, SSL client certificates, and other validation methods. Munshin can be set up before a target host/device to put a set of extra rules/checks in place before a connection is made to the final destination. Sometimes this would be as crude as limiting allowed connections to a particular country, but even that is better than nothing. It does aim to provide perfect security, but rather aims to at least lower the attack surface of a device or host in situations where security is already at risk. Munshin is intended to be a network sticking-plaster or puncture-repair kit for these situations. Perhaps you have a device that's vital to your daily work, but whose security you do not trust. Perhaps something needs to be made quickly available to another party, but that party cannot be given VPN access. Perhaps something is already internet-facing, but needs to be patched, and cannot be patched until a scheduled shutdown at a production center. Yet unfortunately circumstances frequently arise where a device or piece of software has to be made internet-visible, despite worries about its security. Every week new backdoors and vulnerabilities are announced, and patching does nothing to help, in fact patches frequently introduce new vulns. If you are reading this then the internet is likely on fire. Munshin can also handle TLS/SSL on either or both sides of the connection, allowing it to add a TLS layer to services/devices that lack one, or that have outdated or otherwise vulnerable SSL/TLS implementations. Munshin can forward connections to/from unix sockets, tcp sockets, chains of other proxies, or launch an application to handle them in inetd fashion. Its basic function is to accept a connection, check a number of rules such as ip address, geolocation, reverse dns lookup, dynamic dns lookup, etc, etc, and then forward this connection to the appropriate host/port/socket if the rules are satisfied. ![]() Munshin is a 'gatekeeper' app that can be used either as a socks proxy, an inetd replacement or a reverse proxy / port-forwarding firewall. Merge pull request #1 from ColumPaget/add-license-1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |