
Cyberprobe

Cyberprobe is a distributed architecture for real-time monitoring of networks against attack. The software consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon, which receives the streamed packets, decodes the protocols, and interprets the information. Cyberprobe can optionally be configured to receive alerts from Snort. In this configuration, when an alert is received, the IP source address associated with the alert is dynamically targeted for a period of time. Collecting data and forwarding it over the network to a central collection point allows for a much more "industrialized" approach to intrusion detection. The monitor, cybermon, is highly configurable using Lua, allowing you to do a great many things with captured data: summarize, hexdump, store, and respond with packet injections.


Recent releases

  •  02 Oct 2013 00:45

    Release Notes: This release adds support for the GNU build system, which means it is built using "configure". The end result is that it is now more flexible about the kind of system it is built on (e.g., it works with Lua 5.1 and 5.2). It compiles and works using a MacBook Pro, for instance.

  •  15 Sep 2013 22:44

    Release Notes: This release brings SMTP and FTP protocol processing plus a simple visualization engine that allows you to get a single Web page view of the activity on your network. Check out the Quickstart page to see what you can do.

  •  27 Aug 2013 03:18

    Release Notes: This release adds more protocol decode support, with the ability to decode HTTP and DNS protocols. An overhaul of the Lua configuration language allows you to harness the decoded protocol information and act on it. Also added are a couple of packet forgery techniques, with TCP reset and DNS packet forgery added. This allows you to detect attacks and respond with packet injection in order to disrupt the attack. Finally, to coincide with 0.20, the Web site has been updated with a QuickStart tutorial to help get you working with cyberprobe and cybermon components.

  •  13 Aug 2013 08:47

    Release Notes: This release added the initial version of a simple data analysis tool, cybermon, which can provide real-time feedback on data leaving your network as a result of network attacks.

  •  30 Jul 2013 20:50

    Release Notes: This is the first release of Cyberprobe on SourceForge.
