Download Shareware and Freeware Software for Windows, Linux, Macintosh, PDA

line Home  |  About Us  |  Link To Us  |  FAQ  |  Contact

Serving Software Downloads in 976 Categories, Downloaded 29.546.625 Times

labrea 2.5

  Date Added: September 25, 2010  |  Visits: 740

labrea

Report Broken Link
Printer Friendly Version


Product Homepage
Download (73 downloads)



LaBrea is a intrusion detection / "sticky" honey pot technology using virtual servers to detect malware. LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers to connection attempts in a way that the machine at the other end gets "stuck", sometimes for a very long time. LaBrea works by watching ARP requests and replies. When the pgm sees consecutive ARP requests spaced several seconds apart, without any intervening ARP reply, it assumes that the IP in question is unoccupied. It then "creates" an ARP reply with a bogus MAC address, and fires it back to the requester. An example (from a tcpdump of LaBrea running on my network): 14:18:28.832187 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1 14:18:29.646402 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1 14:18:31.707295 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1 14:18:31.707574 ARP reply xx.xx.xx.13 is-at 0:0:f:ff:ff:ff There is no xx.xx.xx.13 machine on my network. In this case, the timeout was set to 3 seconds (its a command line parameter), and when that final "who-has" came in, the "is-at" reply that you see was generated by LaBrea. There isnt a MAC address of 0:0:f:ff:ff:ff either. It doesnt exist. But now, the router (xx.xx.xx.1) believes that there some machine at xx.xx.xx.13, and that it resides on the MAC address 0:0:f:ff:ff:ff, and so it dutifully sends packets on. In essence, weve created a "virtual machine" on that IP address. Now, LaBrea also watches for TCP traffic destined for the ether address 0:0:f:ff:ff:ff. When it sees an inbound TCP SYN packet, it replies with a SYN/ACK that "tarpits" that connection attempt. Everything else is ignored. (Well... sort of. LaBrea also tries to give its "virtual machines" some character... you can ping them, and they respond to a SYN/ACK with a RST. Theres more to it than that (obviously...) but youll need to read further. Whats New in This Release: - src/ctl.c (ctl_init_arrays): Remove call to sleep since not supposed to mix with alarm calls on linux. - src/utils.c (util_alarm), src/labrea.c: Set alarm and signal handlers after going into daemon mode so that child will get signal - src/labrea_init.c, src/lbio.c: Take out fudge code since libdnet 1.7 ethopen now uses the libdnet device names (ie eth1, etc)..

Requirements: No special requirements
Platforms: Linux
Keyword: Address Arp Honey Pot Intrusion Detection Ip Labrea Mac Reply Servers Sticky Syn Using Using Virtual Virtual Virtual Servers
Users rating: 0/10

License: Freeware Size: 204.8 KB
USER REVIEWS
More Reviews or Write Review


LABREA RELATED
Remote Computing Tools  -  Sax2 Intrusion detection system(Free) 4.7
Ax3soft Sax2 is a professional intrusion detection and prevention software (NIDS) used to detect intrusion and attacks, analyze and manage your network which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and...
6.89 MB  
Network Information Tools  -  Securepoint Intrusion Detection 2.0 2.07
The Securepoint Intrusion Detection System (nuzzler basic) allows to analyse your network for intrusion detections. Nuzzler basic is a full Intrusion Detection System using your local Computer. Nuzzler can detect possible attacks, viruses, trojans...
1.66 MB  
Utilities  -  Linux Intrusion Detection System 2.2.3rc7
The Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off online and you...
296.96 KB  
Libraries  -  Libnids 1.22
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection. The most valuable feature of...
143.36 KB  
Dial-up Networking Tools  -  HttpTrafficGen 1.7.5
HTTP traffic generator allows to generate a good amount of http traffic for testing web applications, web servers, intrusion detection system and their resistance to HTTP attacks. You can specify the requests count and interval between two...
495.3 KB  
Network & Internet  -  mod_fortress 1.0
mod_fortress is an application level firewall and intrusion detection system. mod_fortress is designed to intercept certain CGI/HTTP attacks by acting as a non-transparent proxy between an Apache server and an HTTP client..
14.34 KB  
Networking Tools  -  ArpSpyX 1.1
ArpSpyX is an ARP packet sniffer that displays a list of IP and MAC addresses found by analyzing ARP traffic on your network. Arp packets are an indicator of what machines are active on your network. ArpSpyX will passively sniff your network for...
204.8 KB  
Utilities  -  Firewall Tester 1.0
The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The...
30.72 KB  
Networking Tools  -  FTester 1.0
FTester (The Firewall Tester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The...
30.72 KB  
Networking Tools  -  Snort Report 1.3.1
Snort Report is an add-on module for the Snort Intrusion Detection System. Snort Report add-on provides realtime reporting from the MySQL database generated by Snort. It has been tested on Redhat 6.2, 7.0, 7.1, and OpenBSD 2.9.. Symmetrix...
43.01 KB  
NEW DOWNLOADS IN LINUX SOFTWARE, UTILITIES
Linux Software  -  Polling Autodialer Software 3.4
ICTBroadcast Auto Dialer software has a survey campaign for telephone surveys and polls. This auto dialer software automatically dials a list of numbers and asks them a set of questions that they can respond to, by using their telephone keypad....
488 B  
Linux Software  -  Total Video Converter Mac Free 3.5.5
Total Video Converter Mac Free developed by EffectMatrix Ltd is the official legal version of Total Video Converter which was a globally recognized brand since 2006. Total Video Converter Mac Free is a free but powerful all-in-one video...
17.7 MB  
Linux Software  -  Skeith mod_log_sql Analyzer 2.10beta2
Skeith is a php based front end for analyzing logs for Apache using mod_log_sql.
47.5 KB  
Linux Software  -  SLAX 6.0+
Slax is a modern, portable, small and fast Linux operating system with a modular approach and outstanding design. Despite its small size, Slax provides a wide collection of pre-installed software for daily use, including a well organized graphical...
190 KB  
Linux Software  -  GTK+ 2.5
GTK+, which stands for the GIMP Toolkit, is a library for creating graphical user interfaces for the X Window System. It is designed to be small, efficient, and flexible. GTK+ is written in C with a very object-oriented approach. Language bindings...
60 MB  
Utilities  -  LPAR2RRD 4.95-4
LPAR2RRD collects performance data and generates actual, historical and future trends utilization graphs of your virtual environment. It is agentless (it receives everything from the management stations like vCenter or HMC). The product supports...
2.25 MB  
Utilities  -  Nessconnect 1.0.2
Nessconnect is a GUI, CLI and API client for Nessus and Nessus compatible servers. With an improved user interface, it provides local session management, scan templates, report generation through XSLT, charts and graphs, and vulnerability trending.
819.2 KB  
Utilities  -  Dynamic Power Management 2.6.16
The Dynamic Power Management (DPM) project explores technologies to improve power conservation capabilities of platforms based on open source software. Of particular interest are techniques applicable to running systems, adjusting power parameters...
30.72 KB  
Utilities  -  Ethernet bridge tables 2.4.37.9
Ethernet bridge tables - Linux Ethernet filter for the Linux bridge. The 2.4-ebtables-brnf package contains the ebtables+bridge-nf patch. Be sure to check out the ebtables hp. This site also contains the arptables userspace tool.
40.96 KB  
Utilities  -  SaraB 1.0.0
SaraB works with DAR (Disk ARchive) to schedule and rotate backups on random-access media (i.e. hard drives, CDs, DVDs, Zip, etc. Basically anything except magnetic tapes.) This reduces hassle for the administrator by providing an automatic backup...
20.48 KB