hlbrw | assistant to help make new rules to HLBR | Mehr ... |
HLBRW is an acronym to Hogwash Light BR Watch. The intent is provide a tool to help make rules to HLBR (http://hlbr.sf.net). In others words, HLBRW was made to be used by HLBR users needing make new rules (it will require some expertise about HLBR, TCP/IP protocol suite and regular expressions). . HLBRW is a script started by iwatch (a system events watch program available at http://iwatch.sourceforge.net) when the HLBR events log is modified. The concept is very single: if the HLBR log was modified, then a knew attack was blocked. But the attacker can make others subsequent actions unknown by HLBR. Then the iwatch running as daemon will start HLBRW and it will co-ordinate a tcpdump session to record the posterior traffic generated by attacker IP for some minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based in the recorded traffic, the network security manager will can make new rules. . HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used in firewall systems. |