Bug#568424: ITP: hlbrw -- assistant to help make new rules to HLBR
Package: wnpp
Severity: wishlist
Owner: Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
* Package name : hlbrw
Version : 0.2.1
Upstream Author : Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>
* URL : http://hlbr.sf.net
* License : GPL
Programming Lang: Bash
Description : assistant to help make new rules to HLBR
HLBRW is an acronym for Hogwash Light BR Watch. The intent is to provide a
tool to help make rules for HLBR (http://hlbr.sf.net). In other words, HLBRW
was made to be used by HLBR users who need to make new rules (it will require
some expertise in HLBR, the TCP/IP protocol suite and regular expressions).
.
HLBRW is a script started by iwatch (a system events watch program available
at http://iwatch.sourceforge.net) when the HLBR events log is modified. The
concept is very simple: if the HLBR log was modified, then a known attack was
blocked. But the attacker can take other subsequent actions unknown to HLBR.
Then iwatch, running as a daemon, will start HLBRW, which will coordinate a
tcpdump session to record the subsequent traffic generated by the attacker's
IP for some minutes. If the recorded traffic isn't relevant (without a push in
TCP or another relevant protocol), the created file will be deleted. Based on
the recorded traffic, the network security manager will be able to make new
rules.
.
HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
in firewall systems.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
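
The keep-or-delete decision described above (a capture without a TCP push is discarded) can be illustrated as follows. This is an added example, not HLBRW's own code (HLBRW is a Bash script); it is written in Python so it runs without tcpdump, covers only the TCP PSH case because the description does not say which other protocols count as relevant, and uses a constructed function name and constructed sample captures.

```python
import struct

PSH = 0x08  # PSH bit in the TCP flags byte

def has_tcp_push(pcap: bytes) -> bool:
    """True if any unfragmented IPv4/TCP packet in a classic Ethernet pcap has PSH set."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # too short, not IPv4, or not TCP
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # later fragment: carries no TCP header
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if len(frame) >= tcp + 14 and frame[tcp + 13] & PSH:
            return True
    return False

# Constructed sample data (documentation addresses, made-up ports).
def _frame(flags: int, payload: bytes = b"") -> bytes:
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp + payload

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SCAN_ONLY = _pcap([_frame(0x02), _frame(0x14)])  # SYN, RST+ACK
WITH_DATA = _pcap([_frame(0x02), _frame(0x18, b"GET / HTTP/1.0\r\n\r\n")])  # SYN, PSH+ACK

if __name__ == "__main__":
    for name, cap in (("SCAN_ONLY", SCAN_ONLY), ("WITH_DATA", WITH_DATA)):
        print(name, "keep" if has_tcp_push(cap) else "delete")
```

With tcpdump itself, the equivalent test is reading the file back with the filter 'tcp[tcpflags] & tcp-push != 0' and checking whether any packet matches.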