Long description | HLBRW is an acronym for Hogwash Light BR Watch. It is intended as a tool
to help write rules for HLBR (http://hlbr.sf.net). In other words, HLBRW was
made for HLBR users who need to write new rules (it requires some expertise
in HLBR, the TCP/IP protocol suite and regular expressions).
.
HLBRW is a script started by iwatch (a system event watching program available
at http://iwatch.sourceforge.net) when the HLBR event log is modified. The
concept is very simple: if the HLBR log was modified, then a known attack was
blocked. But the attacker may take subsequent actions that HLBR does not know
about. So iwatch, running as a daemon, starts HLBRW, which coordinates a
tcpdump session to record the subsequent traffic generated by the attacker's
IP for some minutes. If the recorded traffic isn't relevant (without a push in
TCP or another relevant protocol), the created file is deleted. Based on the
recorded traffic, the network security manager can write new rules.
.
HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
in firewall systems.
|
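The capture-then-triage step described above, sketched as an added example; this is not HLBRW's own code. The function names, the 300-second default and the restriction to IPv4 and to the TCP push case are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: names and the 300 s default are assumptions, not HLBRW's.

# Accept only a dotted-quad IPv4 address, so the value taken from a log
# cannot smuggle extra filter terms into the tcpdump expression.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Record traffic to and from the address for a fixed time (needs root).
capture_followup() {   # usage: capture_followup IP OUTFILE [SECONDS]
    valid_ipv4 "$1" || return 2
    timeout "${3:-300}" tcpdump -n -U -w "$2" host "$1"
    [ -f "$2" ]
}

# Count captured TCP segments carrying the PSH flag (application data).
count_push() {   # usage: count_push PCAPFILE
    tcpdump -n -r "$1" 'tcp[tcpflags] & tcp-push != 0' 2>/dev/null |
        wc -l | tr -d ' '
}

# Keep the capture only if it holds at least one PSH segment.
keep_if_relevant() {   # usage: keep_if_relevant PCAPFILE PUSH_COUNT
    if [ "$2" -gt 0 ]; then
        echo kept
    else
        rm -f -- "$1"
        echo deleted
    fi
}

# Whole step: capture, then keep or delete the file.
followup() {   # usage: followup IP OUTFILE [SECONDS]
    capture_followup "$1" "$2" "$3" || return
    keep_if_relevant "$2" "$(count_push "$2")"
}
```

A capture of a handshake-only or reset-only exchange contains no PSH segments, so `followup` deletes it and leaves only files worth reading when writing a rule.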