Opensvp is a security tool implementing attacks to be able to the resistance of firewall to protocol level attack. It implements classic attacks as well as some new kind of attacks against application layer gateway (called helper in the Netfilter world). The document Secure use of iptables and connection tracking helpers describes the protection method against this type of attack for a Netfilter firewall.

Download and more

The project is hosted on github:

  • Get the git: Code
  • To see issues or report one: Issues

Implemented attacks

Spoofing attack on helpers

Being on a network directly connected to the firewall via the eth0 interface, the attacker can run the following command ::
 opensvp --attacker -t --helper ftp --port 23 -v -i eth0 is the address of the FTP server and 23 is the port we want to open on the server. It is then possible to connect to on port 23 after a successful attack.

Abusive usage of helpers

It is possible for a client to send a forged command message which is interpreted as possible dynamic connection opening by the firewalls. It is possible to use a standard server to send the attack but with a custom server you will know the transformation made by the possible NAT gateway. A typical session is the following. On the server which has IP address, you can run ::
 $ opensvp --server --helper irc -v
On the client, you can then run ::
 $ opensvp --client -t --helper irc --port 23 -v should be opened from outside
On the server, the following message is displayed ::
 You should be able to connect to
Here is the public address of the client.

Protection against the attacks

See Secure use of iptables and connection tracking helpers for detailed information.
 Posted by at 11:47

  3 Responses to “Opensvp”

  1. Hi,

    Thanks for the tool!

    Just a tiny mistake: the pointer to opensvn’s source code is wrong, it links to coccigrep’s source code.


  2. Oups, fixed. Thanks Olivier!

  3. There is only so much innovation you can do around a Linux distribution, though, and as a public company, Red Hat also had to look beyond that core business and build on it to better serve its customers. In part, that s what drove the company to launch services like OpenShift, for example, a container platform that sits on top of Red Hat Enterprise Linux and not unlike the original Linux distribution integrates technologies like Docker and Kubernetes and makes them more easily usable inside an enterprise.
    By the way! The best essay writing service –
    And Happy New Year!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>