Bug#568424: ITP: hlbrw -- assistant to help make new rules to HLBR
Owner: Joao Eriberto Mota Filho <firstname.lastname@example.org>
* Package name : hlbrw
Version : 0.2.1
Upstream Author : Joao Eriberto Mota Filho <email@example.com>
* URL : http://hlbr.sf.net
* License : GPL
Programming Lang: Bash
Description : assistant to help make new rules to HLBR
HLBRW is an acronym for Hogwash Light BR Watch. The intent is to provide a tool
to help make rules for HLBR (http://hlbr.sf.net). In other words, HLBRW was
made to be used by HLBR users who need to make new rules (it will require some
expertise in HLBR, the TCP/IP protocol suite and regular expressions).
HLBRW is a script started by iwatch (a system events watch program available
at http://iwatch.sourceforge.net) when the HLBR events log is modified. The
concept is very simple: if the HLBR log was modified, then a known attack was
blocked. But the attacker can take other subsequent actions unknown to HLBR.
So iwatch, running as a daemon, will start HLBRW, which will coordinate a
tcpdump session to record the subsequent traffic generated by the attacker's
IP for some minutes. If the recorded traffic isn't relevant (without a push in
TCP or another relevant protocol), the created file will be deleted. Based on
the recorded traffic, the network security manager will be able to make new
rules.
HLBRW is part of the HLBR project, an Intrusion Prevention System (IPS) used
in firewall systems.
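
The capture-and-triage step described above, as an added shell sketch (not HLBRW's own code). Assumptions: the attacker's IPv4 address arrives as the first argument, the directory and duration defaults are hypothetical, and "another relevant protocol" is taken to mean UDP or ICMP.

```shell
#!/bin/sh
# Added illustration, not HLBRW's code. Run as root so tcpdump can capture.
CAPTURE_DIR="${CAPTURE_DIR:-/var/tmp/hlbrw-example}"  # hypothetical path
CAPTURE_SECS="${CAPTURE_SECS:-300}"                   # "some minutes" (assumed)

# BPF expression limiting the capture to traffic to or from one address.
capture_filter() {
    printf 'host %s' "$1"
}

# Succeeds when the pcap holds at least one packet worth analysing:
# a TCP segment with PSH set, or (assumption) any UDP or ICMP packet.
is_relevant() {
    hits=$(tcpdump -n -r "$1" -c 1 \
        '(tcp[tcpflags] & tcp-push != 0) or udp or icmp' 2>/dev/null)
    [ -n "$hits" ]
}

# Record traffic for one address, then keep or delete the capture file.
watch_attacker() {
    ip="$1"
    # The address comes from a log an attacker can influence: accept only
    # digits and dots so it cannot inject options or filter syntax.
    case "$ip" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    mkdir -p "$CAPTURE_DIR" || return 1
    file="$CAPTURE_DIR/$ip-$(date +%Y%m%d%H%M%S).pcap"
    tcpdump -n -U -w "$file" "$(capture_filter "$ip")" >/dev/null 2>&1 &
    pid=$!
    sleep "$CAPTURE_SECS"
    kill "$pid" 2>/dev/null || true     # SIGTERM lets tcpdump close the file
    wait "$pid" 2>/dev/null || true
    if is_relevant "$file"; then
        printf '%s\n' "$file"           # kept for the analyst
    else
        rm -f -- "$file"                # nothing to build a rule from
        return 1
    fi
}

if [ "$#" -ge 1 ]; then watch_attacker "$1"; fi
```

The function prints the path of a kept capture, returns 1 when the file was discarded, and returns 2 when the address is rejected.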