![Image](http://c.fsdn.com/fm/screenshots/57788_thumb.jpg)
HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in layer 2 of the OSI model (invisible to attackers). Detection of malicious/anomalous traffic is done by rules based on signatures. It is an efficient and versatile IPS, and can be used as a bridge to honeypots and honeynets. HLBR is a firewall element and can use regular expressions to detect malicious traffic. For example, a rule which might detect links to viruses in email messages would be 'tcp regex(href="[^\n]+\.scr")'.
License: GNU General Public License (GPL)
Changes:
The URI test has been moved to the HTTP test (still testing). An HTTP method test has been added. An URI decoder has been added to the engine. Now decoders may have configuration options. New (and more efficient) HTTP header detection. test_ethernet_{src,dst}.c and README.{en,pt_BR} have been updated. The tcpdump header has been changed from /var/lib/hlbr to /usr/lib/hlbr. A description and force-reload option have been added to init.d to make it compliant with Debian and LSB. There are new rules.
More...