Libnids 1.21 review
DownloadLibnids is an implementation of an E-component of Network Intrusion Detection System
|
|
Libnids is an implementation of an E-component of Network Intrusion Detection System. It emulates the IP stack of Linux 2.0.x. Libnids offers IP defragmentation, TCP stream assembly and TCP port scan detection.
The most valuable feature of libnids is reliability. A number of tests were conducted, which proved that libnids predicts behaviour of protected Linux hosts as closely as possible.
Libnids is highly configurable in run-time and offers a convenient interface. Currently it compiles on Linux, *BSD and Solaris. WIN32 port is mantained separately here.
Using libnids, one has got a convinient access to data carried by a TCP stream, no matter how artfully obscured by an attacker.
What's New in This Release:
more externals to access libnids' intrinsics from the outside
nids_unregister_*()
UDP checksumming fix (0 is not an error according to RFC768)
nids_params.tcp_workarounds
nids_params.multiproc and queue_limit: merged a patch which creates a
separate thread for packet capture;
in killtcp.c, send two more RST packets (required because of MS05-019
patch)
glibc 2.4 syslog.h disaster workaround
Libnids 1.21 keywords