WormTrack is a
Network based intrusion detection system (NIDS) designed
to identify scanning activity on the
network, in particular of
scanning
worms (horizontal scanning of the network). It attempts to do that
WITHOUT having any type of privileged access to the network equipment,
for example a MONITOR port on a switch. It also doesn't require a
constant updating of its signature engine, as new threats are released,
since it is based on
detection of anomalous activity - which all Worms,
that propagate through the network, would exhibit in order to survive
and spread efficiently. A
Network IDS which allows detection of scanning worms on a Local Area
Network by
monitoring of anomalous ARP traffic. This allows detection of
scanning threats on the network, without having a privileged access on a
Switch to set up a dedicated Monitor PORT, nor does it require a
constant updating of the rules engine to address new threats.
Tutorials ::
Download ::
0 comments :
Post a Comment