15.5 Scanning and Analyzing with SHADOW

SHADOW is a sophisticated tool for analyzing intrusion attempts and successful intrusions, and for recognizing the pattern formed by many probes scattered through a large volume of otherwise normal traffic. It is available from the U.S. Navy's Naval Surface Warfare Center.

It operates in near real time, generating alerts and capturing packets both for further analysis and as evidence in any subsequent legal action. It can detect stealth scans such as TCP "half-open" scans (a SYN that is answered but never completed with the final ACK of the handshake) and probes that use unsolicited ICMP echo replies, among others.
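To make the two detections just described concrete, here is an added example (my own code, not code from this book or from SHADOW) that reads a constructed, simplified subset of `tcpdump -n` text output and flags two things: sources whose SYNs are never followed by the client's handshake ACK (the half-open scan signature, whether the target answered with SYN-ACK or RST) and sources that send ICMP echo replies for which no echo request was seen. The line format, the sample traffic and the thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n` output (not a real capture).
# 10.0.0.5 sends SYN probes to four ports on 192.168.1.10 and never completes a
# handshake (it answers each SYN-ACK with RST, the classic half-open signature);
# 10.0.0.7 completes a normal three-way handshake; 10.0.0.9 sends ICMP echo
# replies that were never requested; 192.168.1.10 pings 10.0.0.20 legitimately.
SAMPLE = """\
12:00:00.100000 IP 10.0.0.5.40001 > 192.168.1.10.22: Flags [S], seq 1, win 1024, length 0
12:00:00.100500 IP 192.168.1.10.22 > 10.0.0.5.40001: Flags [S.], seq 9, ack 2, win 64240, length 0
12:00:00.100900 IP 10.0.0.5.40001 > 192.168.1.10.22: Flags [R], seq 2, win 0, length 0
12:00:00.200000 IP 10.0.0.5.40002 > 192.168.1.10.25: Flags [S], seq 1, win 1024, length 0
12:00:00.200500 IP 192.168.1.10.25 > 10.0.0.5.40002: Flags [S.], seq 9, ack 2, win 64240, length 0
12:00:00.200900 IP 10.0.0.5.40002 > 192.168.1.10.25: Flags [R], seq 2, win 0, length 0
12:00:00.300000 IP 10.0.0.5.40003 > 192.168.1.10.80: Flags [S], seq 1, win 1024, length 0
12:00:00.300500 IP 192.168.1.10.80 > 10.0.0.5.40003: Flags [S.], seq 9, ack 2, win 64240, length 0
12:00:00.300900 IP 10.0.0.5.40003 > 192.168.1.10.80: Flags [R], seq 2, win 0, length 0
12:00:00.400000 IP 10.0.0.5.40004 > 192.168.1.10.443: Flags [S], seq 1, win 1024, length 0
12:00:00.400500 IP 192.168.1.10.443 > 10.0.0.5.40004: Flags [R.], seq 0, ack 2, win 0, length 0
12:00:01.000000 IP 10.0.0.7.51000 > 192.168.1.10.22: Flags [S], seq 100, win 64240, length 0
12:00:01.000500 IP 192.168.1.10.22 > 10.0.0.7.51000: Flags [S.], seq 200, ack 101, win 64240, length 0
12:00:01.000900 IP 10.0.0.7.51000 > 192.168.1.10.22: Flags [.], ack 201, win 64240, length 0
12:00:02.000000 IP 10.0.0.9 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64
12:00:02.100000 IP 10.0.0.9 > 192.168.1.11: ICMP echo reply, id 7, seq 2, length 64
12:00:02.200000 IP 10.0.0.9 > 192.168.1.12: ICMP echo reply, id 7, seq 3, length 64
12:00:03.000000 IP 192.168.1.10 > 10.0.0.20: ICMP echo request, id 3, seq 1, length 64
12:00:03.000500 IP 10.0.0.20 > 192.168.1.10: ICMP echo reply, id 3, seq 1, length 64
"""

# Assumed line shapes: only the fields the detector needs are parsed.
TCP_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([A-Z.]+)\]"
)
ICMP_RE = re.compile(
    r"^(\S+) IP (\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): ICMP echo (request|reply), "
    r"id (\d+), seq (\d+)"
)


def analyze(lines, scan_threshold=3, icmp_threshold=3):
    """Return sources that look like half-open scanners or unsolicited ICMP senders."""
    syn_pending = {}        # (src, sport, dst, dport) -> timestamp of the client's SYN
    echo_pending = set()    # (requester, target, id, seq) still awaiting an echo reply
    unsolicited = defaultdict(int)

    for line in lines:
        m = TCP_RE.match(line)
        if m:
            ts, src, sport, dst, dport, flags = m.groups()
            key = (src, int(sport), dst, int(dport))
            if flags == "S":
                # Pure SYN: the client opened a handshake.
                syn_pending[key] = ts
            elif key in syn_pending and "." in flags and "S" not in flags and "R" not in flags:
                # ACK (or PSH-ACK) from the original client completes the handshake.
                del syn_pending[key]
            # A SYN-ACK or RST from the server, or an RST from the client, leaves the
            # flow pending: the client never finished, which is what a scanner does.
            continue

        m = ICMP_RE.match(line)
        if m:
            ts, src, dst, kind, ident, seq = m.groups()
            if kind == "request":
                echo_pending.add((src, dst, ident, seq))
            else:
                want = (dst, src, ident, seq)   # the request this reply should answer
                if want in echo_pending:
                    echo_pending.discard(want)
                else:
                    unsolicited[src] += 1

    # Aggregate per source: how many distinct (host, port) targets were probed
    # without ever completing a handshake.
    probes = defaultdict(set)
    for src, _sport, dst, dport in syn_pending:
        probes[src].add((dst, dport))
    scanners = {src: sorted(t) for src, t in probes.items() if len(t) >= scan_threshold}
    icmp_sources = {src: n for src, n in unsolicited.items() if n >= icmp_threshold}
    return {"half_open_scanners": scanners, "unsolicited_icmp": icmp_sources}


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE.splitlines()).items():
        for src, detail in hits.items():
            print(f"{name}: {src} -> {detail}")
```

Two things a production sensor must add that this sketch omits: pending SYNs and echo requests have to be aged out (otherwise a long capture turns every client that crashed mid-handshake into a "scanner", and memory grows without bound), and the per-source counts should be kept over a sliding time window so that a slow scan spread over hours still accumulates while a busy but legitimate client does not. The flag test is also deliberately strict (`S` only), so SYNs carrying ECN bits would need the match loosened.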

The site listed below also offers a very detailed document covering the setup of SHADOW and its "sensors" and related matters. It even discusses how large your detection and analysis systems need to be to process the data from Internet pipes of various bandwidths.

SHADOW is an excellent free product that can handle even very large sites. I know of a number of large military and other government sites that have connections to the Internet and classified data that find it quite useful despite many cracker attacks. SHADOW is an acronym for Secondary Heuristic Analysis for Defensive Online Warfare.


www.nswc.navy.mil/ISSEC/CID/


Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260