HLBR - Hogwash Light BR

Project News for HLBR - Hogwash Light BR

  • HLBRW 0.2.3 released

    Fixed the syntax in iwatch.xml.sample. The HLBRW is working again.

    Changelog:

    - Version 0.2.3.
    - Fixed the syntax in iwatch.xml.sample.
    - Improved the main code.
    - Removed the iwatch-restart.sh file. It was added to the main code.

    2010-02-09 20:07:58 UTC by eriberto

  • HLBR 1.7.1 released

    This version fixes a bug that was generating a DoS when the network traffic was high. ALL HLBR USERS USING 1.6 AND 1.7 VERSIONS MUST UPGRADE IMMEDIATELY.

    Changelog:

    * added CODE_REVISION macro in hlbr.h and updated hlbr.c to show it when PrintVersion() is called
    * added a -t option in scripts/hlbr.rotate to create an empty events log file after the rotate (HLBRW needs it!) (ERI)
    * added new rules (ERI)
    * BUGFIX in decoders/decode_ip_defrag.c: solved another race condition bug in IPDefrag (PAJ)
    * new rules (ERI)
    * updated engine/cache.{c,h} with functionalities needed to solve the IPDefrag's race condition bug (PAJ)
    * updated manpage and READMEs (ERI)

    2010-02-09 19:58:56 UTC by eriberto

  • HLBRW 0.2 released

    This is the first public version of the HLBRW.

    HLBRW is an acronym for Hogwash Light BR Watch. The intent is to provide a tool to help make rules for HLBR (http://hlbr.sf.net). In other words, HLBRW was made to be used by HLBR users who need to make new rules (it will require some expertise about HLBR, the TCP/IP protocol suite and regular expressions).

    HLBRW is a script started by iwatch (a system events watch program available at http://iwatch.sourceforge.net) when the HLBR events log is modified. The concept is very simple: if the HLBR log was modified, then a new attack was blocked. But the attacker can take other subsequent actions unknown to HLBR. So iwatch, running as a daemon, will start HLBRW, which will coordinate a tcpdump session to record the subsequent traffic generated by the attacker IP for some minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based on the recorded traffic, the network security manager will be able to make new rules.

    HLBRW is part of the HLBR project.

    2010-02-03 20:18:03 UTC by eriberto
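
The relevance test described in the HLBRW 0.2 announcement (keep a capture only if the attacker sent a TCP segment with PSH set) can be sketched as follows. This is an added example, not HLBRW's own code: the function names, the classic little-endian pcap input and the constructed sample frames are assumptions, and the "another relevant protocol" case is not modelled.

```python
import struct

PSH = 0x08  # TCP PSH flag bit
ATTACKER = "198.51.100.7"  # constructed sample address (documentation range)

def packets(pcap: bytes):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def has_tcp_push(frame: bytes, attacker_ip: str) -> bool:
    """True for an Ethernet/IPv4/TCP frame sent by attacker_ip with PSH set."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False  # not IPv4 over Ethernet, or not TCP
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return False  # non-first IP fragment: carries no TCP header
    tcp = 14 + (frame[14] & 0x0F) * 4  # honour IP options via IHL
    if len(frame) < tcp + 14:
        return False  # truncated capture
    src = ".".join(map(str, frame[26:30]))
    return src == attacker_ip and bool(frame[tcp + 13] & PSH)

def capture_is_relevant(pcap: bytes, attacker_ip: str) -> bool:
    """Keep the capture only if the attacker pushed data at least once."""
    return any(has_tcp_push(f, attacker_ip) for f in packets(pcap))

def build_frame(src: str, flags: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                     0, bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_pcap(frames) -> bytes:
    """Constructed classic pcap file image (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SCAN_ONLY = build_pcap([build_frame(ATTACKER, 0x02), build_frame(ATTACKER, 0x04)])
WITH_PUSH = build_pcap([build_frame(ATTACKER, 0x02),  # SYN, then PSH|ACK + data
                        build_frame(ATTACKER, 0x18, b"GET / HTTP/1.0\r\n\r\n")])
```

A capture for which `capture_is_relevant` returns `False` corresponds to the file the announcement says is deleted.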

  • HLBR 1.7 released

    HLBR is an Intrusion Prevention System sniffing the OSI layer 2. In this version:

    * Solved a race condition bug in IPDefrag (HLBR doesn't freeze or die now).
    * Other minor fixes.
    * Tested in Debian Squeeze and Slackware 13.

    2009-12-08 18:52:39 UTC by eriberto

  • HLBR 1.6 RC1 released

    * BUGFIX: IPDefrag now working! (PAJ)
    * BUGFIX: JTree issues (PAJ)
    * added decoder specific memory deallocation functions (PAJ)
    * added install-daemon in Makefile.in (for tests only) (ERI)
    * changed some rules (ERI)
    * revision and tests (ABA,ERI)

    2008-07-18 12:19:26 UTC by eriberto