| Author |
Message
|
| oz1ccg |
 Posted: Sat Jan 10, 2004 10:34 am Post subject: Updated: New version of BlockIP2 |
 |
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Hi.....
Just launced a new version of BlockIP, which supports blocking og JMS default user and mqm/MUSR_MQADMIN.
The exit is improved so you can use multi patterns and not just one from the first version of the exit.
New features is specified like:
To use multipattern seperate the patterns with a semicolon( like this:
alt chl(MQT2.TCP.MQT1) chltype(SVRCONN) + * OR: any other type
SCYDATA('172.20.109.*;172.221.*;10.31.*') +
scyexit('c:\path..\BlockIP2(BlockExit)') * NT
This will allow communication from any computer in the172.20.109.*, 172.221.* and 10.31.* networks.
You can also use a single position placeholder in the pattern:
alt chl(MQT2.TCP.MQT1) chltype(SVRCONN) + * OR: any other type
SCYDATA('192.168.??.20;10.31.*') +
scyexit('c:\path..\BlockIP2(BlockExit)') * NT
This will allow any IP-addr matching 192.168.10.20, 192.168.11.20.. 192.168.99.20 to pass verification.
http://www.mrmq.dk/BlockIP2.htm
I hope it can help you....
Just my $0.02 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT.
Last edited by oz1ccg on Wed Aug 09, 2006 8:46 am; edited 1 time in total |
|
| Back to top |
|
 |
| Michael Dag |
| Posted: Sun Jan 11, 2004 5:00 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
Certainly news worthy!
I'll move it to MQSeries News/Updates and leave a pointer in the Links forum.
Michael |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Thu Jan 22, 2004 4:34 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
|
| Back to top |
|
|
| Michael Dag |
| Posted: Mon Feb 23, 2004 5:38 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
New link address http://www.mrmq.dk/BlockIP.htm
New Functionality:
- allow to specify parameters in a file, rather then SCYDATA itself
- allow pattern matching on both IP patterns AND a Userid patterns
Michael |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Mar 05, 2004 6:51 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Due to a serious security Hazard, have I updated the BlockIP2 exit, BlockIP will soon have the same updates.
The main problem is it's possible to bypass the exit, if the other end sends a sec_msg (on SVRCONN) only.
By the way BlockIP2 is now able to do more filtering based on SSL names, so it's possible to change MCAUSER or BLOCK certain certificates.
And BlockIP2 still resides here: http://www.mrmq.dk/BlockIP.htm
Just my $0.02
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Sun Jun 06, 2004 3:02 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
I guess it'a about time to say that version 2.12 of BlockIP2 is ready to fly, currrently it's marked as Beta. Just wainting for your feedback, before it can replace the "old" version.
This is the rewritten exit (thanks to Sid), it have gone under some testing round the globe, so I hope it will meet your needs.
Here is the direct link: http://www.mrmq.dk/BlockIP.htm#BlockIP2_version_2.1x
Just my $0.02
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Aug 20, 2004 12:07 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
New version of BlockIP2 version 2.15 is ready for download 
Highlights:Completely rewritten thanks to Sid Young, and extented with some functions.
Ported to z/OS by Neil Casey.
This means that we have one source version that should be able to support: z/OS, AIX, Linux Solaris, HP-UX, Windows platforms.
These enhancements have made it easy to add new functions.
Here is the direct link:
http://www.mrmq.dk/BlockIP.htm#BlockIP2_version_2.1x
Just my $0.02
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Sun Apr 24, 2005 12:46 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
New version of BlockIP2 version 2.20 Beta is ready for download
Highlights: This version is ready for WebSphere MQ version 6.0 and got functions to control the number of connections on SVRCONN. This function was requested by many over time, so now it's ready. Give it a try. And it's still free of charge
This version is currently not shipped for z/OS Yet, there are some testing I need to do first.
Here is the direct link:
http://mrmq.dk/index.htm?BlockIP2.htm#Version_2.20_enhancement
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Fri Sep 23, 2005 1:41 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
New version of BlockIP2 version 2.32 Beta is ready for download
(I hope it's without some of the last bugs...)
There is added funtionality to control the number of simultain connctions, and refuse more connections when the limit is reached. And it supports now z/OS too. The implementaion uses shared memory/dataspace on UNIX, Linux and z/OS to gain performace.
Here is the direct link:
http://mrmq.dk/BlockIP2.htm
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Wed Mar 01, 2006 9:33 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
New version of BlockIP2 version 2.44 Beta is ready for download
(I hope it's without some of the last bugs...)
I've added shared memory handling for windows too. To gain performance using the channel limitter.
The storage leak in the previous release should also be history now.
Here is the direct link:
http://mrmq.dk/BlockIP2.htm
-- Lock it or Lose it --
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| LuisFer |
| Posted: Fri Mar 03, 2006 1:17 pm Post subject: |
|
|
Partisan
Joined: 17 Aug 2002
Posts: 302
|
Thanks, thanks, thanks a lot for this work, Jørgen
Today i installed on my z/OS (Test) this Version , working fine.
Thanks nwely. |
|
| Back to top |
|
|
| LuisFer |
| Posted: Sun Mar 05, 2006 12:43 am Post subject: |
|
|
Partisan
Joined: 17 Aug 2002
Posts: 302
|
Review how works the exit on z/OS i see that every Conn (on SVRCONN CHLS) up the Real Storage 2 frames (up the line), and this memory is not freed when DISCON the channel.
Except this one the exit works fine. |
|
| Back to top |
|
|
| osborn lawrence |
| Posted: Mon Apr 17, 2006 11:16 pm Post subject: |
|
|
Newbie
Joined: 15 Jul 2004
Posts: 3
Location: Bangalore
|
Hello,
I am using BlockIP 2.15. Is there a way to specify more than 256 characters in the "Patterns" variable in the configurations file ?
We have a requirement to specify around 50 IP's in "Patterns"
Is this possible in the 2.48 latest version ?
Are there any work arounds ?
Why is this restrication in the first place ?
Thanks in advance for your responses.
Osborn
_________________
Osborn Lawrence
IBM Certified MQSeries Specialist
MQSeries Administrator |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Wed Apr 19, 2006 11:34 am Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Shure it can be lifted. I have to analyze the consequences about raising it (and some other settings). It's all just a matter about storage consumption.
-- Lock it or Lose it --
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
| oz1ccg |
| Posted: Tue Jun 13, 2006 2:31 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Hi There, a new kid is in town, together with T&M 2006 in Atlanta: a fresh release of BlockIP2 (2.55)
With some new features like filtering based on hostnames and DNS lookup.
IPv6 readiness in hostnames and filtering.
Enhanced SSL filtering.
Room for more patterns, SSL rows.
-- Lock it or Lose it --
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
|
|
