|
|
| Distribution |
Debian testing |
| Abteilung |
admin |
| Quelle |
hlbrw |
| Version |
0.2.4-1 |
| Maintainer |
Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
|
| Beschreibung |
HLBRW is an acronym to Hogwash Light BR Watch. The intent is provide a tool
to help make rules to HLBR (http://hlbr.sf.net). In others words, HLBRW was
made to be used by HLBR users needing make new rules (it will require some
expertise about HLBR, TCP/IP protocol suite and regular expressions).
.
HLBRW is a script started by iwatch (a system events watch program available
at http://iwatch.sourceforge.net) when the HLBR events log is modified. The
concept is very single: if the HLBR log was modified, then a knew attack was
blocked. But the attacker can make others subsequent actions unknown by HLBR.
Then the iwatch running as daemon will start HLBRW and it will co-ordinate a
tcpdump session to record the posterior traffic generated by attacker IP for
some minutes. If the recorded traffic isn't relevant (without a push in TCP
or another relevant protocol), the created file will be deleted. Based in the
recorded traffic, the network security manager will can make new rules.
.
HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
in firewall systems.
|
| Abhängig von | hlbr, iwatch |
| Offizielle Seiten |
Paket
Entwicklerinformationen
Bugs (Binärpaket)
Bugs (Quellpaket) |
| Download |
all |
|
|
|
