Welcome!
Wednesday 08 September 2010 @ 15:24 CEST

Paint that IDS

Wednesday 03 December 2008 @ 10:55 CET

Contributed by: lars

Security

A friend of mine, Espen Grøndahl, has created his very own IDS. To be precise, it is not a IDS per se, but a tool to visualize firewall logs. It's written in Perl and visualizes OpenBSD's pf firewall log. The IDS is called Fireplot and can be downloaded here. It is really easy to identify port scans, like this plot shows.

Two friends of Espen decided they wanted to test Fireplot, so they crafted and launched a nice "attack":

"WTF are these pictures doing in my IDS log?!?"

The original Fireplot log can be seen here:

http://espen.mine.nu/cgi-bin/fireplot3/showimg.cgi?date=2005-10-28

They even got some Star Wars in there. Quite funny.

What's Related

Story Options

Trackback

Trackback URL for this entry: http://blog.larsstrand.org/trackback.php?id=Paint-that-IDS-fireplot

Here's what others have to say about 'Paint that IDS':

System Monitoring » Blog Archive » Network Graphics Hackery
Tracked on Saturday 06 December 2008 @ 00:31 CET

IDS sprayed with network traffic that draws a picture - Zoidbot
Tracked on Wednesday 14 January 2009 @ 20:05 CET

IDS sprayed with network traffic that draws a picture - Zoidbot
Tracked on Sunday 25 January 2009 @ 19:59 CET

Paint that IDS | 1 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Paint that IDS
Authored by: Anonymous on Wednesday 24 June 2009 @ 23:52 CEST
We're now working on an implementation that will plot the firewall log data from hundreds of PC's at the University of Oslo in the same plot.

The PoC is ready - I'll post an update when we're done.

Espen G
[ # ]

Jump

larsstrand.org
nr.no/~strand

Topics

Older Stories

Thursday 23-Apr


Wednesday 08-Apr


Tuesday 07-Apr


Sunday 01-Feb


Wednesday 03-Dec


Sunday 26-Oct


Wednesday 05-Mar


Saturday 16-Feb


Friday 15-Feb
 Copyright © 2010 Lars Strand
 All trademarks and copyrights on this page are owned by their respective owners. 		Powered by Geeklog 
Created this page in 0.22 seconds