[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#568424: ITP: hlbrw -- assistant to help make new rules to HLBR

Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>

* Package name    : hlbrw
  Version         : 0.2.1
  Upstream Author : Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
* URL             : http://hlbr.sf.net
* License         : GPL
  Programming Lang: Bash
  Description     : assistant to help make new rules to HLBR

 HLBRW is an acronym to Hogwash Light BR Watch. The intent is provide a tool
 to help make rules to HLBR (http://hlbr.sf.net). In others words, HLBRW was
 made to be used by HLBR users needing make new rules (it will require some
 expertise about HLBR, TCP/IP protocol suite and regular expressions).
 HLBRW is a script started by iwatch (a system events watch program available
 at http://iwatch.sourceforge.net) when the HLBR events log is modified. The
 concept is very single: if the HLBR log was modified, then a knew attack was
 blocked. But the attacker can make others subsequent actions unknown by HLBR.
 Then the iwatch running as daemon will start HLBRW and it will co-ordinate a
 tcpdump session to record the posterior traffic generated by attacker IP for
 some minutes. If the recorded traffic isn't relevant (without a push in TCP
 or another relevant protocol), the created file will be deleted. Based in the
 recorded traffic, the network security manager will can  make new rules.
 HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
 in firewall systems.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Reply to: