HLBRW is an acronym for Hogwash Light BR Watch. It is a tool to help make rules for HLBR. In other words, HLBRW was made to be used by HLBR users needing make new rules. It requires some expertise with HLBR, the TCP/IP protocol suite, and regular expressions. HLBRW is a script started by iwatch (a system events watch program) when the HLBR event log is modified. The concept is very single: if the HLBR log was modified, then a known attack was blocked. But the attacker might take other subsequent actions unknown by HLBR. When HLBRW starts, it will coordinate a tcpdump session to record the traffic generated by the attacker's IP address for the next few minutes. If the recorded traffic isn't relevant (without a push in TCP or another relevant protocol), the created file will be deleted. Based on the recorded traffic, the network security manager can make new rules. HLBRW is part of the HLBR project, an intrusion prevention system (IPS) used in firewall systems.
StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.