|
Distribution |
Debian testing |
Abteilung |
admin |
Quelle |
hlbrw |
Version |
0.2.4-1 |
Maintainer |
Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
|
Beschreibung |
HLBRW is an acronym to Hogwash Light BR Watch. The intent is provide a tool to help make rules to HLBR (http://hlbr.sf.net). In others words, HLBRW was made to be used by HLBR users needing make new rules (it will require some expertise about HLBR, TCP/IP protocol suite and regular expressions). . HLBRW is a script started by iwatch (a system events watch program available at http://iwatch.sourceforge.net) when the HLBR events log is modified. The concept is very single: if the HLBR log was modified, then a knew attack was blocked. But the attacker can make others subsequent actions unknown by HLBR. Then the iwatch running as daemon will start HLBRW and it will co-ordinate a tcpdump session to record the posterior traffic generated by attacker IP for some minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based in the recorded traffic, the network security manager will can make new rules. . HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used in firewall systems.
|
Abhängig von | hlbr, iwatch |
Offizielle Seiten |
Paket
Entwicklerinformationen
Bugs (Binärpaket)
Bugs (Quellpaket) |
Download |
all |
|
|
|