NAME
HLBR - Hogwash Light BR, a layer 2 network IPS
SYNOPSIS
hlbr -c config-file -r rules-file [-l logs-directory] [-tndv]
DESCRIPTION
HLBR is an IPS (Intrusion Prevention System) that can filter packets
directly at layer 2 of the OSI model (so the machine doesn’t even need
an IP address). Detection of malicious/anomalous traffic is done by
signature-based rules, and the user can add more rules. It is an
efficient and versatile IPS, and it can even be used as a bridge to
honeypots and honeynets. Since it doesn’t make use of the operating
system’s TCP/IP stack, it can be "invisible" to network access and
attackers.
HLBR is based on Jason Larsen’s Hogwash, available at
http://hogwash.sf.net
OPTIONS
The options described here must be specified at the command line:
-t Parse rules and exit.
-n Process n packets and exit.
-d Enter Daemon Mode (Background Execution).
-v Print version and exit.
FILES
/etc/hlbr/hlbr.conf
default configuration file.
/etc/hlbr/hlbr.rules
default rules file.
/etc/hlbr/empty.rules
empty rules file (for testing purposes).
AVAILABILITY
The latest version of this program can be found at:
http://sourceforge.net/projects/hlbr
LICENSE
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
HLBR RULES
To make or adjust HLBR rules, please see the README file (in Debian it
can be found in /usr/share/doc/hlbr/ ). You can use HLBRW to help
you make new rules.
SEE ALSO
hlbrw(1), tcpdump(8)
AUTHORS
Andre Bertelli Araujo (arkanoid) <bertelli.andre@gmail.com> (project
leader)
Joao Eriberto Mota Filho (eriberto) <eriberto@eriberto.pro.br> (project
leader)
Pedro Arthur P. R. Duarte (pedroarthur) <pedroarthur.jedi@gmail.com>
TEAM
Please see: http://hlbr.sourceforge.net/corner.html