I am new in the group. I would like to give a suggestion for exam 303: To include one question about IPS (Intrusion Prevention System) HLBR (Hogwash Light BR) in the exam.
*About HLBR:* HLBR is a brazilian project, started in november 2005, as a fork of the Hogwash project (started by Jason Larsen in 1996). This project is destined to the security in computer networks. HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn't need even an IP address). Detection of malicious/anomalous traffic is done by rules based in signatures, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as bridge to honeypots and honeynets. Since it doesn't make use of the operating system's TCP/IP stack, it can be "invisible" to network access and attackers. http://hlbr.sourceforge.net/index.html.en Suggestion of question about HLBR: X) What this rule makes? <rule> ip dst(www) tcp dst(80) tcp nocase(cmd.exe) message=cmd.exe test action=action1 </rule> A) .... B) .... C) .... D) .... Thanks. -- Rogerio Ferreira http://rogerioferreira.objectis.net
_______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
