ITP: shadow-sensor & shadow-analyzer
The shadow project (see http://www.nswc.navy.mil/ISSEC/CID/) provides some
tools to allow a machine outside a firewall to be used as a sensor (using
tcpdump to grab all the packets), and a machine inside the firewall to analyse
that data, and turn it into useful reports about potential threats on an
intranet web server.
Hence the two packages. The sensor is installed on one or more machines
outside your firewall (or perhaps simply on your firewall, if you are less
paranoid), and the analyzer is installed on an intranet web server to do the
analysis.
The software is either public domain, or distributed under the phrase
``approved for public release, distribution is unlimited'' which seems to mean
the same thing, according to the author.
Cheers, Phil.