WormTrack is a Network based intrusion detection system (NIDS) designed to identify scanning activity on the network, in particular of scanning worms (horizontal scanning of the network). It attempts to do that WITHOUT having any type of privileged access to the network equipment, for example a MONITOR port on a switch. It also doesn't require a constant updating of its signature engine, as new threats are released, since it is based on detection of anomalous activity - which all Worms, that propagate through the network, would exhibit in order to survive and spread efficiently. A Network IDS which allows detection of scanning worms on a Local Area Network by monitoring of anomalous ARP traffic. This allows detection of scanning threats on the network, without having a privileged access on a Switch to set up a dedicated Monitor PORT, nor does it require a constant updating of the rules engine to address new threats. 

Tutorials ::

General Info & Configuration :: Click Here

Download ::

Linux :: WormTrackv0.1 (.tar.gz)


Post a Comment