labrea 2.5
labrea 2.5 Ranking & Summary
File size:
0.20 MB
Platform:
Any Platform
License:
GPL (GNU General Public License)
Price:
Downloads:
1219
Date added:
2006-07-07
Publisher:
Loren Gordon
labrea 2.5 description
LaBrea is an intrusion detection / "sticky" honeypot technology that uses virtual servers to detect malware. LaBrea takes over unused IP addresses and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in a way that leaves the machine at the other end "stuck", sometimes for a very long time.
LaBrea works by watching ARP requests and replies. When the program sees consecutive ARP requests spaced several seconds apart, without any intervening ARP reply, it assumes that the IP in question is unoccupied. It then "creates" an ARP reply with a bogus MAC address and fires it back to the requester.
An example (from a tcpdump of LaBrea running on my network):
14:18:28.832187 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:29.646402 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:31.707295 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:31.707574 ARP reply xx.xx.xx.13 is-at 0:0:f:ff:ff:ff
There is no xx.xx.xx.13 machine on my network. In this case the timeout was set to 3 seconds (it's a command-line parameter), and when that final "who-has" came in, the "is-at" reply you see was generated by LaBrea.
There isn't a MAC address of 0:0:f:ff:ff:ff either. It doesn't exist.
But now the router (xx.xx.xx.1) believes that there is some machine at xx.xx.xx.13, that it resides at the MAC address 0:0:f:ff:ff:ff, and so it dutifully sends packets on. In essence, we've created a "virtual machine" on that IP address.
Now, LaBrea also watches for TCP traffic destined for the Ethernet address 0:0:f:ff:ff:ff. When it sees an inbound TCP SYN packet, it replies with a SYN/ACK that "tarpits" that connection attempt. Everything else is ignored. (Well... sort of. LaBrea also tries to give its "virtual machines" some character: you can ping them, and they respond to a SYN/ACK with an RST.)
There's more to it than that (obviously...), but you'll need to read further.
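The ARP-watching rule described above, reduced to a small simulation. This is an added illustration written for this page, not LaBrea's source code: it parses tcpdump-style ARP lines like the ones quoted above, keeps the time of the first unanswered "who-has" per IP, and decides when LaBrea would answer with the bogus MAC. Timestamps are compared at whole-second granularity (an assumption about how the timeout is evaluated; it is what makes the :28 to :31 gap count as 3 seconds). The handling of a genuine reply arriving later, and the table of what the virtual host does with traffic to the bogus MAC, follow the description above and are likewise assumptions about behaviour, not LaBrea's code.

```python
"""Simulation of the ARP-watching rule in LaBrea's description.

Added illustration for this page; not LaBrea's own source. It only decides
what reply would be sent and never touches the network.
"""
import re

# Layout of the tcpdump lines quoted on the page (assumption: exactly this form).
ARP_LINE = re.compile(
    r"^(?P<hh>\d\d):(?P<mm>\d\d):(?P<ss>\d\d)\.\d{6} ARP "
    r"(?:who-has (?P<target>\S+) tell (?P<asker>\S+)"
    r"|reply (?P<replier>\S+) is-at (?P<mac>\S+))$"
)

BOGUS_MAC = "0:0:f:ff:ff:ff"   # the non-existent MAC from the page's example


def parse_arp_line(line):
    """Return ('request', secs, target_ip, asker_ip), ('reply', secs, ip, mac) or None."""
    m = ARP_LINE.match(line.strip())
    if not m:
        return None
    # Whole seconds only (assumption): 14:18:28 -> 14:18:31 counts as a 3 s gap
    # even though the microsecond fields say 2.875 s.
    secs = int(m["hh"]) * 3600 + int(m["mm"]) * 60 + int(m["ss"])
    if m["target"]:
        return ("request", secs, m["target"], m["asker"])
    return ("reply", secs, m["replier"], m["mac"])


class ArpWatcher:
    """Decide, per ARP request, whether to answer for an apparently unused IP."""

    def __init__(self, timeout=3, bogus_mac=BOGUS_MAC):
        self.timeout = timeout        # the command-line timeout (3 s in the page's example)
        self.bogus_mac = bogus_mac
        self.first_seen = {}          # ip -> time of the first unanswered who-has
        self.captured = set()         # ips we now answer for

    def feed(self, line):
        """Feed one tcpdump line; return the ARP reply text we would send, or None."""
        ev = parse_arp_line(line)
        if ev is None:
            return None
        kind, now, ip, extra = ev
        if kind == "reply":
            if extra != self.bogus_mac:
                # A real host answered: the IP is occupied. Forget the pending record
                # and release the IP if we had taken it (assumed recovery behaviour).
                self.first_seen.pop(ip, None)
                self.captured.discard(ip)
            return None
        # ARP request
        if ip in self.captured:
            return self._reply(ip)    # keep the "virtual machine" alive
        started = self.first_seen.setdefault(ip, now)
        if now - started >= self.timeout:
            # Consecutive requests spanning the timeout with no reply: take the IP.
            self.captured.add(ip)
            del self.first_seen[ip]
            return self._reply(ip)
        return None

    def _reply(self, ip):
        return f"ARP reply {ip} is-at {self.bogus_mac}"


def virtual_host_response(dst_mac, proto, flags=frozenset(), bogus_mac=BOGUS_MAC):
    """What the description says the virtual host does with traffic to the bogus MAC."""
    if dst_mac != bogus_mac:
        return "ignore"
    if proto == "icmp-echo":
        return "icmp-echo-reply"           # you can ping them
    if proto == "tcp":
        if flags == {"SYN"}:
            return "SYN/ACK (tarpit)"      # inbound SYN gets tarpitted
        if flags == {"SYN", "ACK"}:
            return "RST"                   # a SYN/ACK is answered with an RST
    return "ignore"                        # everything else is dropped


# Constructed sample: the three requests quoted on the page.
SAMPLE = """\
14:18:28.832187 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:29.646402 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:31.707295 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
""".splitlines()


def run(lines, timeout=3):
    """Return the list of replies the watcher would generate for the given lines."""
    watcher = ArpWatcher(timeout)
    return [r for r in (watcher.feed(line) for line in lines) if r]


if __name__ == "__main__":
    for reply in run(SAMPLE):
        print(reply)
```

Running it on the three quoted requests yields exactly one reply, the "is-at 0:0:f:ff:ff:ff" line from the page; feeding a genuine reply for the address before the timeout elapses yields none, which is the "without any intervening ARP reply" condition.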
Enhancements:
- src/ctl.c (ctl_init_arrays): Remove the call to sleep, since sleep is not supposed to be mixed with alarm calls on Linux.
- src/utils.c (util_alarm), src/labrea.c: Set the alarm and signal handlers after going into daemon mode so that the child process receives the signal.
- src/labrea_init.c, src/lbio.c: Take out the fudge code, since libdnet 1.7's ethopen now uses the libdnet device names (i.e. eth1, etc.).
labrea 2.5 Keywords
ARP
LaBrea
SYN
MAC
IP
virtual servers
Intrusion Detection
honey pot
detect malware
reply
sticky
technology