Package name | hlbr |
Description | IPS that runs over layer 2 (no TCP/IP stack required) |
Archive/Repository | Official Debian archive squeeze (main) |
Version | 1.7.2-2 |
Section | net |
Priority | optional |
Installed size | 368 bytes |
Depends on | libc6 (>= 2.3.6-6~), libpcre3 (>= 7.7) |
Recommended packages | tcpdump |
Maintainer | Joao Eriberto Mota Filho |
Source | |
Package size | 82526 bytes |
MD5 checksum | 59668f1884f2fbb6ec5c93eedf2fa1bf |
SHA1 checksum | db5b3b16163ed13a513c94da8da0c9393811f319 |
SHA256 checksum | 9e69c15a8909db9afe78f4673d5f96f4ebc5d176d4d14c90570ec984f612b22b |
Download link | hlbr_1.7.2-2_i386.deb |
Long description | HLBR stands for Hogwash Light BR. It is a Brazilian fork of Jason Larsen's
Hogwash Intrusion Prevention System (IPS). Its main feature is that it can
run directly over OSI model layer 2, which means it doesn't even require a
TCP/IP stack, running as a bridge.
.
HLBR comes with a set of rules to detect known malicious network traffic,
and you can define your own rules as well. Packet handling includes options
such as dropping a packet or diverting it to another machine (such as a honeypot).
Since it works like a bridge and doesn't require an IP address, it is
invisible to intruders. HLBR is a firewall component and must be put before
an Intrusion Detection System (IDS). The IDS (Snort or other) will show all
suspect traffic that was not blocked, which can be used to compose new rules
for the IPS.
.
The HLBR rule definition language has support for regular expressions (Perl).
All blocked traffic is dumped to a log in tcpdump format.
|