trollhunter homepage website last updated: 12. Feb 2003 |
project hosted by |
[description] [screenshots] [project page] [download] [requirements] [license]
Description
trollhunter is a tool to view, analyze and monitor Linux 2.4 netfilter/iptables logfiles. There are two basic modes the program can work in. The first is a Perl/Tk based analysis of a set of log messages. The result is colored output which helps the user skim large amounts of log messages yet find points of interest quickly. Once a point of interest has been spotted, the user can dig deeper and is presented with more detailed information such as the full IP fields, whois lookup and contact addresses. As an alternative, trollhunter can follow a stream of log messages in real-time mode and report the ongoing activity to a person monitoring the firewall.
The analysis of a log message is based on several factors. The core is a list of ports of known exploits, trojans, viruses and so on. Additionally, the setup of your local network is taken into account. Configuration hooks exist to allow trollhunter to apply to some special network architectures (e.g. if you access a 'friendly' HTTP proxy that is not in your local network). The tool is also able to detect various ways of stealth scanning (Xmas, SYN/FIN scan etc.). trollhunter also offers several ways of filtering: you can filter the output based on severity, IP ports, IP addresses and so on.
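The flag-based part of this analysis, as an added example in Python (not trollhunter's own code, which is Perl/Tk): it classifies TCP flag combinations in standard netfilter LOG lines and groups the probed ports by source. The null and FIN-only patterns go beyond the Xmas and SYN/FIN scans named above; the sample log, its addresses and the `FW:` log prefix are constructed.

```python
from collections import defaultdict

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
# Constructed sample log in netfilter LOG format (documentation address ranges;
# "FW:" is an assumed --log-prefix). The last line is an ICMP error quoting a TCP header.
SAMPLE_LOG = """\
Feb 12 10:01:02 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4660 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Feb 12 10:01:02 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4661 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Feb 12 10:01:05 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=17 PROTO=TCP SPT=53 DPT=25 WINDOW=512 RES=0x00 SYN FIN URGP=0
Feb 12 10:01:06 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=203.0.113.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=901 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 12 10:01:07 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4662 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 URGP=0
Feb 12 10:01:08 gw kernel: FW: IN=ppp0 OUT= MAC= SRC=203.0.113.77 DST=192.0.2.10 LEN=68 TOS=0x00 PREC=0x00 TTL=60 ID=9 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=203.0.113.77 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=77 PROTO=TCP SPT=1025 DPT=80 WINDOW=512 RES=0x00 SYN FIN URGP=0 ]
"""

def parse_line(line):
    """Return (fields, flags) for a TCP netfilter LOG line, else None."""
    start = line.find("IN=")                        # skip syslog header and log prefix
    if start < 0:
        return None
    tokens = line[start:].split("[", 1)[0].split()  # drop the header quoted inside ICMP errors
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    if fields.get("PROTO") != "TCP" or "DPT" not in fields:
        return None                                 # not TCP, or a fragment without ports
    return fields, frozenset(t for t in tokens if t in TCP_FLAGS)

def classify(flags):
    """Name the stealth-scan pattern of a TCP flag set, or None if ordinary."""
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas"
    if {"SYN", "FIN"} <= flags:
        return "syn/fin"
    if not flags:
        return "null"
    if flags == {"FIN"}:
        return "fin"
    return None

def scan_report(log_text):
    """Map source address -> {scan type: sorted destination ports probed}."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        kind = classify(parsed[1]) if parsed else None
        if kind:
            report[parsed[0]["SRC"]][kind].add(int(parsed[0]["DPT"]))
    return {src: {k: sorted(v) for k, v in kinds.items()} for src, kinds in report.items()}

if __name__ == "__main__":
    for src, kinds in scan_report(SAMPLE_LOG).items():
        print(src, kinds)
```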
Requirements
Software installed:
this is usually already installed on your system
this is usually already installed on your system
If you don't have the package you can get it from http://www.vipul.net/perl/
Installing XWhois is easy: untar/unzip, perl Makefile.PL, make, make test, make install
trollhunter does not require special firewall rules or other adjustments to an existing setting. It just needs standard netfilter/iptables log messages as input.
License
trollhunter is free software published under the GNU General Public License. This basically means you get all the sources and are free to modify them. However, you may not benefit commercially from the result and you are required to make all sources, including your changes, available to the public. Please check all the details by reading the file COPYING that comes with trollhunter's .tar.gz package.