From owner-freebsd-questions@FreeBSD.ORG Thu May 21 06:02:09 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 68459CE2 for ; Thu, 21 May 2015 06:02:09 +0000 (UTC) Received: from ms-10.1blu.de (ms-10.1blu.de [178.254.4.101]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2954C1341 for ; Thu, 21 May 2015 06:02:09 +0000 (UTC) Received: from [89.204.135.126] (helo=localhost.unixarea.de) by ms-10.1blu.de with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1YvJYT-00041k-Uc; Thu, 21 May 2015 08:02:06 +0200 Received: from localhost.my.domain (c720-r276659 [127.0.0.1]) by localhost.unixarea.de (8.14.9/8.14.9) with ESMTP id t4L624EN002294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 21 May 2015 08:02:04 +0200 (CEST) (envelope-from guru@unixarea.de) Received: (from guru@localhost) by localhost.my.domain (8.14.9/8.14.9/Submit) id t4L624UC002293; Thu, 21 May 2015 08:02:04 +0200 (CEST) (envelope-from guru@unixarea.de) X-Authentication-Warning: localhost.my.domain: guru set sender to guru@unixarea.de using -f Date: Thu, 21 May 2015 08:02:04 +0200 From: Matthias Apitz To: freebsd-questions@freebsd.org Subject: looking for software to harden TCP/IP client-server application Message-ID: <20150521060204.GA2203@c720-r276659> Reply-To: Matthias Apitz Mail-Followup-To: Matthias Apitz , freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Operating-System: FreeBSD 11.0-CURRENT r269739 (i386) User-Agent: Mutt/1.5.23 (2014-03-12) X-Con-Id: 51246 X-Con-U: 0-guru X-Originating-IP: 89.204.135.126 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 May 2015 06:02:09 -0000 Hello, I'm working for a company which develops since "ages" a client-server application: Windows/UNIX Java or Perl written clients are connecting to defined TCP ports where C/C++ written servers are doing LISTEN and serving the connecting clients. The designed protocol is human readable and an example is in clear text (normally SSL is used to protect the data against network sniffing) here: http://www.unixarea.de/slnp.txt What I'm looking for is some (hopefully FreeBSD) software to harden the server side against attacks of all kind of buffer overflow, SQL injection, etc. Any ideas? matthias -- Matthias Apitz, guru@unixarea.de, http://www.unixarea.de/ +49-170-4527211 +49-176-38902045 "Wenn der Mensch von den Umständen gebildet wird, so muß man die Umstände menschlich bilden." "Si el hombre es formado por las circunstancias entonces es necesario formar humanamente las circunstancias", Karl Marx in Die heilige Familie / La sagrada familia (MEW 2, 138)