Login or Register to Ask a Question and Join Our Community


Software Releases - RSS News

OS-SIM 1.0.4 (AlienVault OSSIM Installer branch)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Software Releases - RSS News OS-SIM 1.0.4 (AlienVault OSSIM Installer branch)
# 1  
Old 02-23-2008
OS-SIM 1.0.4 (AlienVault OSSIM Installer branch)
Image OSSIM aims to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, BASE, NTOP, Nagios, nmap, nessus, and rrdtool to provide the user with full control over every aspect of networking or security. License: BSD License (revised) Changes:
The OSSIM installer aims at providing an easy to use introduction to new users approaching OSSIM. Besides configuring all the needed components, it provides tools to ease an initial approach for new users to the Security Information Management area. Advanced graphs, viewers, and tuning are included, which would not be possible to achieve using standard OS installation packages.Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

farpd

ARPD(8) 						    BSD System Manager's Manual 						   ARPD(8)

NAME

     farpd -- ARP reply daemon

SYNOPSIS

     farpd [-d] [-i interface] [net ...]

DESCRIPTION

     farpd replies to any ARP request for an IP address matching the specified destination net with the hardware MAC address of the specified
     interface, but only after determining if another host already claims it.

     Any IP address claimed by farpd is eventually forgotten after a period of inactivity or after a hard timeout, and is relinquished if the real
     owner shows up.

     This enables a single host to claim all unassigned addresses on a LAN for network monitoring or simulation.

     farpd exits on an interrupt or termination signal.

     Note: The program name farpd has been changed in Debian GNU/Linux from the original name (arpd) to avoid name clash with other ARP daemons.

     The options are as follows:

     -d      Do not daemonize, and enable verbose debugging messages.

     -i interface
	     Listen on interface.  If unspecified, farpd searches the system interface list for the lowest numbered, configured ``up'' interface
	     (excluding loopback).

     net     The IP address or network (specified in CIDR notation) or IP address ranges to claim (e.g. ``10.0.0.3'', ``10.0.0.0/16'' or
	     ``10.0.0.5-10.0.0.15''). If unspecified, farpd will attempt to claim any IP address it sees an ARP request for.  Mutiple addresses
	     may be specified.

FILES

     /var/run/farpd.pid

SEE ALSO

     pcapd(8), synackd(8)

BUGS

     farpd will respond too slowly to ARP requests for some applications. In order to ensure that it does not claim existing IP addresses it will
     send two ARP request and wait for a reply. This slowness affects the nmap network scanning tool, and possibly others, which uses by default
     ARP when scanning local networks. The answers from farpd will come after the tool has timeout waiting for the ARP replies and, consequently,
     IP addresses claimed by farpd will not be discovered.

     Additionally, farpd sends the ARP replies to the broadcast address of the network and not to the host that send the ARP request. Some systems
     and applications (notably nmap) will not handled these requests and expect directed ARP replies (i.e. targeted specifically to the host that
     sent the request and not to the network)

AUTHORS

     Dug Song <dugsong@monkey.org>, Niels Provos <provos@citi.umich.edu>

								  August 4, 2001