AngeL - The Power to protect

Devel: (none)
Nuts: 0.15.0

What is AngeL Main Goals News Download it

What is AngeL

In brief, AngeL is a Linux kernel module designed to work with kernel version 2.6.0 or later. The module uses the new Linux Security Module framework to implement security policies without performing any system call interposition. This approach leads to a less intrusive code that means more robust and more easy to read. AngeL uses the rock solid netfilter firewalling facility in order to control all packets leaving your host.

AngeL makes your host unable to send hostile traffic across the network. It also blocks a large number of root compromise attacks and local denial of services, by using hooks provided by LSM framework and perfom sanity checks on the input parameters before allowing or not the requested service.

Main goals

AngeL was designed with security as a goal. However, it is not AngeL's purpose to defend your host from your network neighbours. AngeL prevents your host from becoming a hostile network node, i.e., it prevents it from sending hostile packets across the network. By "hostile" we mean both malicious (e.g., a remote exploit attempt) and malformed (e.g., with IP or TCP header not properly built) packets. AngeL operates at network level, blocking all outgoing packets that match some well known patterns. This is done, using the Linux kernel firewalling capabilities to capture packets, when packets go through the kernel TCP/IP stack. Outgoing packets are inspected, at header level or at payload level if needed, and a decision is made whether to let them out or not.

Attacks targeting external network hosts blocked by AngeL

  1. Syn flood
  2. Land
  3. Smurf
  4. Spoofing
  5. Jolt
  6. Ping of death
  7. Protocol specific traffic
  8. Outlook remote buffer overflow
AngeL also operates at host level, trapping a set of system calls by means of appropriate wrappers. Such wrappers look for badly formed requests, such as passing a shellcode as parameter to a suid program, or requesting a fork() within an infinite loop. If AngeL accepts the analyzed system call invocation, it calls the original system call, otherwise it refuses the operation to the calling program.

Attacks targeting the local host blocked by AngeL

  1. A set of buffer overflows against suid programs
  2. Format string vulnerability
  3. Malloc bombing
  4. Fork bombing
  5. Sniffing



For Netscape users, please hold on shift key while you follow the link to download AngeL.


latest 0.8.10
0.8.9 0.8.8 0.8.7 0.8.6
0.8.5 0.8.4 0.8.3 0.8.2
Patching is done in the usual way:
Move patch-x.y.z.gz in the same directory where AngeL is stored. Make sure that AngeL is a symbolic link to the AngeL version you are using (if you have more than one AngeL version on that directory. From then you type "gunzip patch-x.y.z.gz; patch -p0 < patch-x.y.z" and AngeL will be patched for you.

v0.8.x "No Code" - full tarball

latest AngeL v0.8.10.2 AngeL v0.8.10.1 AngeL v0.8.10
AngeL v0.8.9 AngeL v0.8.8 AngeL v0.8.7 AngeL v0.8.6
AngeL v0.8.5 AngeL v0.8.4 AngeL v0.8.3 AngeL v0.8.2
AngeL v0.8.1 AngeL v0.8.0    

Various stuff

A small window maker dock application is available to control AngeL behaviour for analysis purposes. Download the latest wmAngel version here


We need your feedback. We need your suggestions, your bug report, your suggestions for new features or improvements, your comments. So if you enjoined using AngeL let us know, if not, please tell us what you did not like so that we can improve our work.
You can also join AngeL developer mailing list by clicking here.

Our Public Keys

Paolo Perego's public key.


Paolo Perego

Aldo Scaccabarozzi

$Id: index.html,v 1.10 2004/09/20 20:37:16 sponge Exp $