Netward in Beta
The netward program, a simple "hey, why are you connecting to that?" program, has entered beta stage. The program uses libpcap to detect when a port that should not be accessed is accessed, and logs it. Current plans for the program are to add one more tweak to cut down on noise for admins and possibly add an event handler script.
As anyone who has followed the site knows (all two or three of you), Netward was rewritten from the ground up. It is now, finally, a year later, in BETA stage. It now sports all of the following features:
- A configuration file instead of everything on the command line.
- Two timers for detection; how many packets to poll and how often.
- Full libpcap filter syntax support. Why reinvent the wheel?
- Logging support.
- Config file and logfile can be changed from default via the command line or within the header at build time.
The only work left: it would be nice to have another control mechanism a sysadmin could tweak that says, after n hits, actually alarm instead of just logging everything as it happens. The problem is the potential for a lot of redundant entries. For instance, if netward uses a poll rate of 1/10 sec and samples 1024 packets, the logfile could fill up quickly. It might be better to say: don't start logging until N.
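One way the "don't start logging until N" control could work, as an added sketch that is not netward's own code: hits are counted per source address and port within one polling interval, and a log line is written only when the count reaches N. The per-source keying, the per-interval reset, the table size and every name here (`ht_init`, `ht_record`, `simulate_interval`) are assumptions, and the packets are constructed rather than captured with libpcap.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 64   /* constructed table size; an assumption of this sketch */

struct hit { uint32_t src; uint16_t port; unsigned count; int used; };
struct hit_table { struct hit slot[SLOTS]; unsigned threshold; };

/* Start a new polling interval. A threshold of 0 is treated as 1. */
void ht_init(struct hit_table *t, unsigned threshold) {
    memset(t, 0, sizeof *t);
    t->threshold = threshold ? threshold : 1;
}

/* Record one packet that matched the filter. Returns 1 only on the hit that
 * reaches the threshold, so a (source, port) pair yields at most one log
 * line per interval; pairs that stay under N yield none. */
int ht_record(struct hit_table *t, uint32_t src, uint16_t port) {
    unsigned start = (src ^ port) % SLOTS;
    for (unsigned i = 0; i < SLOTS; i++) {
        struct hit *h = &t->slot[(start + i) % SLOTS];
        if (!h->used) { h->used = 1; h->src = src; h->port = port; }
        if (h->src == src && h->port == port) {
            if (h->count < UINT_MAX) h->count++;   /* saturate, never wrap */
            return h->count == t->threshold;
        }
    }
    return 1;   /* table full: log anyway rather than lose the event */
}

/* Feed `packets` matching packets from one constructed source into a fresh
 * interval and return how many log lines would be written. */
unsigned simulate_interval(unsigned packets, unsigned threshold) {
    struct hit_table t;
    unsigned lines = 0;
    ht_init(&t, threshold);
    for (unsigned i = 0; i < packets; i++)
        lines += ht_record(&t, 0xC0000201u /* 192.0.2.1, constructed */, 23);
    return lines;
}

int main(void) {
    printf("1024 packets, N=10: %u line(s)\n", simulate_interval(1024, 10));
    printf("   5 packets, N=10: %u line(s)\n", simulate_interval(5, 10));
    return 0;
}
```

Logging every hit would write 1024 entries for the same sample; the trade-off is that a source staying under N in an interval leaves no entry for that interval.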