The Realeyes IDS captures and analyzes full sessions. When an incident is reported, the graphical user interface will display both halves of the session to determine what occurred. The GUI also provides management of application users, sensors, and a database. Realeyes is a replacement for the RenaissanceCore software.
HLBRW is an acronym for Hogwash Light BR Watch. It is a tool to help make rules for HLBR. In other words, HLBRW was made to be used by HLBR users who need to make new rules. It requires some expertise with HLBR, the TCP/IP protocol suite, and regular expressions. HLBRW is a script started by iwatch (a system events watch program) when the HLBR event log is modified. The concept is very simple: if the HLBR log was modified, then a known attack was blocked. But the attacker might take other subsequent actions unknown to HLBR. When HLBRW starts, it will coordinate a tcpdump session to record the traffic generated by the attacker's IP address for the next few minutes. If the recorded traffic isn't relevant (no TCP push or other relevant protocol), the created file will be deleted. Based on the recorded traffic, the network security manager can make new rules. HLBRW is part of the HLBR project, an intrusion prevention system (IPS) used in firewall systems.
Pkviz is a tool for plotting, cycling through, and animating a series of network packets captured by tcpdump. What makes it unique is that the packets’ structure is visualized, not any labels and not time itself. Pkviz takes each byte in a packet and plots it out end-to-end, left-to-right, from the first byte to the last. How high the dot gets plotted depends on the value of the byte: bytes with a value of 0 are at the bottom and those which are 255 (0xff) – the maximum value of a byte – get plotted at the top. This might not be interesting for one packet, but that changes when you start looking at thousands of packets. Pkviz can cycle through thousands of packets in the set so you can see what happened on the wire.
PRADS is a "Passive Real-time Asset Detection System". It passively listens to network traffic and gathers information on hosts and services it sees. This information can be used to map your network, letting you know what services and hosts are alive and used. It can also be used together with your favorite IDS/IPS setup for "event to host/service" correlation. It can help you make sure that your inventory database is up to date. PRADS comes in two versions: one written in Perl, and one written in C. Some features might only be found in one of the versions.
VPPPN stands for virtual peer-to-peer private networking. The project provides a VPN client using a custom protocol to be able to set up a point-to-point dynamic virtual network. This differs from OpenVPN in that it does not need a central server to pass the network's traffic. A central server exists to allocate IP addresses and provide a point of contact for the clients, but once connections are established, these services are no longer needed. This means that a VPPPN network is free (as in beer), since to set up a network you do not need to invest in an always-on Internet server. Once established, a VPPPN network behaves in a similar way to a normal IP network. To the end user, this means you can set up an office network and drag and drop files between computers in a secure manner over the Internet.
Altimate Firewall is a small and easy-to-use firewall, based on a hardened Gentoo system. It has an intuitive and easy-to-use Web interface. The Altimate Firewall uses Shorewall (LAN, WAN, DMZ), OpenVPN, PPTPD, IPSEC, and many more. It includes Avira WebGate and MailGate for safer browsing and for securing your email messages. The network settings can be easily managed by a non-professional.
MN Viewer (Mobile Network Viewer) is a lightweight framework designed for system administrators who would like to be able to monitor many aspects of their network from their mobile phone. It allows for very simple expansion using simple PHP plugins. It is designed to integrate with other monitoring tools such as Cacti.
log2command was created as a sort of reverse fail2ban or cheap VPN firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the Web server log file and watches for inactivity from the user's IP. After a period of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command line program that can be run in the background.