HLBR - Hogwash Light BR / News: Recent posts

Call for new developers

HLBR needs new developers with C and TCP/IP knowledge. See the details at http://bit.ly/hlbrcall.

Thanks!

Posted by Joao ERIBERTO Mota Filho 2011-08-01

HLBRW 0.2.4 released.

Changelog:

- Version 0.2.4.
- Registering, in log, when creating directories.
- Changing directory permissions (0755) after creating it.
- Registering, in log, the destination directory after moves.

Posted by Joao ERIBERTO Mota Filho 2010-03-07

HLBR 1.7.2 released.

Changelog:

* Added $remote_fs to init script to make it compliant with LSB and Debian. This adjustment prevents the init script from running before /usr is mounted or after it is unmounted. See more details at http://wiki.debian.org/LSBInitScripts.

Posted by Joao ERIBERTO Mota Filho 2010-02-27

HLBRW 0.2.3 released

Fixed the syntax in iwatch.xml.sample. The HLBRW is working again.

Changelog:

- Version 0.2.3.
- Fixed the syntax in iwatch.xml.sample.
- Improved the main code.
- Removed the iwatch-restart.sh file. It was added to main code.

Posted by Joao ERIBERTO Mota Filho 2010-02-09

HLBR 1.7.1 released

This version fixes a bug that was generating a DoS when the network traffic was high. ALL HLBR USERS USING 1.6 AND 1.7 VERSIONS MUST UPGRADE IMMEDIATELY.

Changelog:

* added CODE_REVISION macro in hlbr.h and updated hlbr.c to show it when PrintVersion() is called
* added a -t option in scripts/hlbr.rotate to create an empty events log file after the rotate (HLBRW needs it!) (ERI)
* added new rules (ERI)
* BUGFIX in decoders/decode_ip_defrag.c: solved another race condition bug in IPDefrag (PAJ)
* new rules (ERI)
* updated engine/cache.{c,h} with functionalities needed to solve the IPDefrag's race condition bug (PAJ)
* updated manpage and READMEs (ERI)

Posted by Joao ERIBERTO Mota Filho 2010-02-09

HLBRW 0.2 released

This is the first public version of the HLBRW.

HLBRW is an acronym for Hogwash Light BR Watch. The intent is to provide a tool to help make rules for HLBR (http://hlbr.sf.net). In other words, HLBRW was made to be used by HLBR users who need to make new rules (it requires some expertise in HLBR, the TCP/IP protocol suite and regular expressions).

HLBRW is a script started by iwatch (a system events watch program available at http://iwatch.sourceforge.net) when the HLBR events log is modified. The concept is very simple: if the HLBR log was modified, then a new attack was blocked. But the attacker can take other subsequent actions unknown to HLBR. So iwatch, running as a daemon, will start HLBRW, which will coordinate a tcpdump session to record the subsequent traffic generated by the attacker's IP for some minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based on the recorded traffic, the network security manager will be able to make new rules...

Posted by Joao ERIBERTO Mota Filho 2010-02-03

HLBR 1.7 released

HLBR is an Intrusion Prevention System sniffing the OSI layer 2.

In this version:

* Solved a race condition bug in IPDefrag (HLBR doesn't freeze or die now).
* Other minor fixes.
* Tested in Debian Squeeze and Slackware 13.

Posted by Joao ERIBERTO Mota Filho 2009-12-08

HLBR 1.6 RC1 released

* BUGFIX: IPDefrag now working! (PAJ)
* BUGFIX: JTree issues (PAJ)
* added decoder specific memory deallocation functions (PAJ)
* added install-daemon in Makefile.in (for tests only) (ERI)
* changed some rules (ERI)
* revision and tests (ABA,ERI)

Posted by Joao ERIBERTO Mota Filho 2008-07-18

HLBR 1.5 RC2 released

* uri test moved to http test (still testing)
* added test: http method
* added uri decoder to engine
* now decoders may have config options
* new (and more efficient!) http header detection
* updated test_ethernet_{src,dst}.c
* updated README.{en,pt_BR}
* changed tcpdump header from /var/lib/hlbr to /usr/lib/hlbr
* added description and force-reload option in init.d to make it compliant with Debian and LSB
* new rules

Posted by Joao ERIBERTO Mota Filho 2008-06-18

hlbr-1.5-rc1 released

New rules, new detection tests, regex based on Perl. And more...

Posted by Joao ERIBERTO Mota Filho 2008-06-05

HLBR 1.1 released

New rules only.

Posted by Joao ERIBERTO Mota Filho 2006-05-18

New movies: DNS attack

Two new movies show buffer overflow attacks against BIND DNS.

Posted by Joao ERIBERTO Mota Filho 2006-04-17

Demonstrative movies...

Two demonstrative movies about the HLBR IPS are available in the files section. The URL is https://sourceforge.net/project/showfiles.php?group_id=152579 .

Posted by Joao ERIBERTO Mota Filho 2006-04-10

HLBR 1.0 released!

The HLBR IPS version 1.0 now can detect malicious traffic using regular expressions. More flexibility for defining your rules.

HLBR can now read a list of words from a file and test it against packets. If just one of the words matches, the test is considered true for that packet, so it can be dropped, logged and/or redirected.

Posted by Joao ERIBERTO Mota Filho 2006-03-06



HLBR 0.1 Final released

HLBR aims to be a simplified version of the Hogwash IPS while trying to add and experiment with new features.

Posted by Joao ERIBERTO Mota Filho 2005-12-27

HLBR 0.1 RC2 uploaded!

Check the changelog to view the modifications.

Posted by Joao ERIBERTO Mota Filho 2005-12-16