Welcome!

This is the web page of Aldaba, an open source Single Packet Authorization and Port Knocking authentication system for GNU/Linux.

Nowadays system administrators cannot rely on the security provided by software manufacturers to protect services that run on their network servers. 0-day exploits are serious threats for critical systems that can't afford security breaches. Port Knocking (PK) and Single Packet Authorization (SPA) are two different techniques that keep all ports of a server closed and open them on request, only to clients that have the appropriate authentication credentials. Aldaba is a command-line tool for Linux systems that implements a complete PK and SPA authentication service that is both effective and easy to use.

Current Features

- Support for two authentication protocols: Port Knocking and Single Packet Authorization.
- Fast authentication processing.
- IPv6 capable.
- Not vulnerable to replay attacks.
- Encryption using any of: AES/Rijndael, Twofish, Blowfish and Serpent.
- Authentication through HMAC-SHA256.
- PBKDF2-based key derivation.
- Support for custom command execution upon successful client authentication.
- Sensitive data wiping on exit.
- Support for decoys and noise packets.
- Logging capabilities.
- External IP address resolution.
- Highly commented source code.
- Doxygen-based documentation.
- Free and Open Source.

Aldaba 0.2.2 Released

It's been a while, but here is another version of Aldaba. It finally provides proper out-of-the-box support for iptables manipulation. It can also now accept incoming connections (after a successful authentication) for only a given period of time. By default, new connections from the authorized IPs will be allowed for 120 seconds. After that, the firewall rules are modified to only allow traffic for already established connections. Aldaba Server now provides a new command-line switch (-o, --open-time) to tune this interval.

Please try it and report any bugs you find. Check section "Download" for details on how to obtain and install this release.
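
The following is an added illustration, not Aldaba's code or wire format: a small Python model of how the listed features (PBKDF2 key derivation, HMAC-SHA256 authentication, replay rejection) combine with the 120-second open time described above. The packet layout, iteration count, clock-skew tolerance and all names are assumptions, and the encryption layer is left out.

```python
import hashlib, hmac, os, struct

OPEN_TIME = 120   # seconds; the default window stated above
MAX_SKEW = 30     # assumed tolerance for client/server clock drift

def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000)

def build_request(key: bytes, port: int, now: int) -> bytes:
    # Constructed layout: 16-byte nonce | 8-byte timestamp | 2-byte port | 32-byte tag
    body = os.urandom(16) + struct.pack("!QH", int(now), port)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gate:
    """Server-side model: authenticate a request, then track the open window."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}        # nonce -> timestamp of accepted requests
        self.open_until = {}  # (source IP, port) -> time the window closes

    def handle(self, src_ip: str, packet: bytes, now: int) -> str:
        if len(packet) != 58:
            return "drop: malformed"
        body, tag = packet[:26], packet[26:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "drop: bad hmac"
        nonce = body[:16]
        ts, port = struct.unpack("!QH", body[16:])
        if abs(now - ts) > MAX_SKEW:
            return "drop: stale"
        # Nonces older than MAX_SKEW can be forgotten: the stale check
        # above already rejects any packet that carries them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return "drop: replay"
        self.seen[nonce] = ts
        self.open_until[(src_ip, port)] = now + OPEN_TIME
        return "open"

    def allow(self, src_ip: str, port: int, now: int, established: bool = False) -> bool:
        # Inside the window new connections pass; afterwards only traffic
        # for connections that are already established.
        return established or now < self.open_until.get((src_ip, port), 0)
```
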

Aldaba 0.2.1 Released!

Just five days after the last release, Aldaba Suite 0.2.1 is out! Here's the changelog:

- Added support for IP address forwarding to the SPA protocol. This lets Aldaba Server act as a NAT traversal facilitator.
- Added support for configuration files in both client and server. Now default config files are installed and read when running "aldaba start" or "aldabad start". Also, custom config files may be supplied through the command line using the --config parameter.
- Fixed a bug in verbosity level specification.

Please try it and report any bugs you find. Check section "Download" for details on how to obtain and install this release.

Aldaba 0.2.0 Released!

Aldaba Suite 0.2.0 has just been released! After a long period of inactivity, the development of Aldaba continues. The 0.2.0 release is a new Aldaba, completely rewritten from scratch, and with lots of new features and security enhancements. Here's the changelog:

- Aldaba has been completely rewritten in C++.
- Full support for IPv6.
- Flexible covert channel field specification.
- Improved crypto key generation.
- Improved SPA protocol.
- Added full protection against replay attacks.
- Improved documentation.
- Improved installation process.

Please try it and report any bugs you find. Check section "Download" for details on how to obtain and install this release.
