Hello everybody,

First of all: Thanks for the great work! I think NfSen is a very useful tool!

I have created a small plugin for nfsen which I want to share. I am not sure if this is the right place to post it. Please tell me if it's not.

ABOUT THE PLUGIN:

NfSen-BlacklistIP is an alert-condition-plugin for nfsen. The goal is to fire an alert each time a connection from, or to, a blacklisted ip address is recognized, where the list of unwanted ip addresses is maintained by hand and more or less static. When the alert is fired, related connections become visible in the plugin's frontend. This information can be used for further filtering.

BlacklistIP is not a replacement for the botnet-plugin, the goal is completely different. If you want to compare these two, you can think of BlacklistIP as the younger and less intelligent brother of the botnet-plugin :)

I am running both of them: The botnet-plugin is automatically updated from security sites. The blacklist for the blacklistip-plugin is maintained by hand. It contains a short list of ip addresses which is updated about once in two weeks (as soon as I get new IPs to blacklist).

I created the plugin because I thought it would be less work to create a new plugin than to change the botnet-plugin in a way that it can perform both tasks (passing botnet-connections to the events-plugin and directly reporting blacklisted connections) at the same time.

The plugin is distributed under BSD license and can be downloaded here:
http://public.thiemeier.net/download/nfsen-blacklistip-0.1.tar.bz2

For more information about the plugin and how to install it, take a look at the README file or at my homepage:
http://public.thiemeier.net/blacklistip/index.html

The site is still under construction, but basic info and downloads are available.

Comments and suggestions are very welcome!

kind regards,
Lukas Thiemeier

_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
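The check the message describes (alert when a flow's source or destination is on a hand-maintained blacklist, then filter further on the hits) can be sketched as below. This is an added example, not code from the BlacklistIP plugin: the blacklist file format, the flow tuples and all function names are assumptions, and the sample data is constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample of a hand-maintained blacklist file (assumed format:
# one address per line, '#' starts a comment).
BLACKLIST_TEXT = """\
# reviewed by hand
192.0.2.10
198.51.100.7   # reported scanner
2001:db8::bad
not-an-ip
192.0.2.10
"""

# Constructed flow records: (source address, destination address, destination port).
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443),
    ("198.51.100.7", "10.0.0.9", 22),
    ("10.0.0.5", "203.0.113.1", 80),
    ("10.0.0.8", "2001:DB8:0:0:0:0:0:BAD", 53),
]

def load_blacklist(text):
    """Parse the list; return (set of addresses, [(line number, bad entry)])."""
    entries, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # Parsing normalizes spelling, so duplicates and IPv6 variants collapse.
            entries.add(ipaddress.ip_address(line))
        except ValueError:
            # A typo in a hand-edited list should be reported, not silently dropped.
            rejected.append((lineno, line))
    return entries, rejected

def matching_flows(flows, blacklist):
    """Return the flows whose source or destination address is blacklisted."""
    return [f for f in flows
            if ipaddress.ip_address(f[0]) in blacklist
            or ipaddress.ip_address(f[1]) in blacklist]

def nfdump_filter(blacklist):
    """Build an nfdump 'ip in [...]' filter for follow-up queries on the hits."""
    ordered = sorted(blacklist, key=lambda a: (a.version, int(a)))
    return "ip in [" + " ".join(str(a) for a in ordered) + "]"

if __name__ == "__main__":
    bl, bad = load_blacklist(BLACKLIST_TEXT)
    for lineno, entry in bad:
        print(f"blacklist line {lineno}: ignoring invalid entry {entry!r}")
    hits = matching_flows(FLOWS, bl)
    print("alert" if hits else "no alert", hits)
    print(nfdump_filter(bl))
```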
