HLBRW is an acronym for Hogwash Light BR Watch. It is a tool to help make rules for HLBR. In other words, HLBRW was made to be used by HLBR users needing make new rules. It requires some expertise with HLBR, the TCP/IP protocol suite, and regular expressions. HLBRW is a script started by iwatch (a system events watch program) when the HLBR event log is modified. The concept is very single: if the HLBR log was modified, then a known attack was blocked. But the attacker might take other subsequent actions unknown by HLBR. When HLBRW starts, it will coordinate a tcpdump session to record the traffic generated by the attacker's IP address for the next few minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based on the recorded traffic, the network security manager can make new rules. HLBRW is part of the HLBR project, an intrusion prevention system (IPS) used in firewall systems.
Borderline is a firewall generator. It takes a generic rule specification as input and generated an highly optimized firewall. It features IPv6 rule generation, support for multiple interfaces, and integrated support for network zones. It currently only supports firewall generation for Linux 2.6 (netfilter).
'blaze' is a Netfilter iptables firewall script that is meant to be ridiculously easy to use, pretty basic, but powerful enough to handle a box with multiple NICs to support gateway usage, possibly with NAT. Setup should take no more than five minutes. Logging is not currently supported.
Membrane SOAP Router is a modular SOAP intermediary written in Java. It is fully configurable due to Spring style configuration. You can audit SOAP traffic, route messages through DMZ, and gather performance statistics. The small memory consumption of less than 20 Megabytes makes it possible to run an instance of Membrane SOAP Monitor on any computer that provides or consumes Web services.
SpamBlock counts attempts to establish a connection on port 25/tcp via tcpdump. When a host exceeds the allowed number of attempts per unit of time, it is added to a corresponding ipfw table and email notification is sent. Spamblock currently supports ipfw only, but it can be easily adapted for any firewall and OS. It can also be configured to watch multiple ports to prevent Telnet and SSH attacks in addition to SMTP.
IPTEditor intends to ease the task of managing/editing iptables rules. It presents an intuitive graphical interface that organizes iptables tables as tabs of a notebook, each of which, in turn, organizes their chains in notebooks tabs. Each rules tab contains a list made up of rows (rules) or item columns ordered according to their occurrence. The items in the rows can be edited by appropriate forms, such as through dialogs for targets and criteria (modules), edit fields for network addresses, and selection boxes for actions and protocols, among others.
Fing is a command line tool for network and service discovery. It provides you a complete view of any network in a very short time. Its smart discovery automatically detects the network type and uses the best technique to scan it. The best results are achieved on Ethernet networks (including Wireless ones), where Fing is able to detect all network hosts, firewalled ones included. The service discovery feature quickly detects active TCP services on a target host or network. Fing is based on Look@LAN.