15.5 Scanning and Analyzing with SHADOW

SHADOW, available from the U.S. Navy's Naval Surface Warfare Center, is a sophisticated tool for analyzing intrusion attempts and successes and for recognizing patterns of many intrusion attempts in large volumes of otherwise normal traffic. It operates in near real-time, generating alerts and capturing packets for further analysis and for evidence in subsequent legal action. It can detect stealth scans done via TCP "half-opens," by sending ICMP echo replies, etc. The site also offers a very detailed document that covers setting up SHADOW and its "sensors," along with related matters. It even discusses how large your detection and analysis systems need to be to process data from Internet pipes of various bandwidths.
www.nswc.navy.mil/ISSEC/CID/