Download IASON
version 0.0.7 iason-0.0.7.tgz (Experimental)
version 0.0.6 iason-0.0.6.tgz
version 0.0.5 iason-0.0.5.tgz
version 0.0.4 iason-0.0.4.tgz
What is IASON?
The IASON project develops an intelligent agent and knowledge system that
detects and responds to attacks. When IASON detects an attack in progress
it contacts the firewall and issues a set of instructions designed to
exclude a single attacker or an entire network.
IASON can be used to develop and deploy a Root Server Defense
System designed to analyze data streams and recognize attacks. IASON
works in conjunction with a network firewall and IDS (Intrusion Detection
System) software to block attacks while allowing legitimate requests to
reach the root name server.
IASON watches traffic destined for the root name server firewall. In most
cases IASON is installed on the server running the IDS software, where it
reads log files and monitors the network interfaces for traffic between
the root name server firewall and the local router.
Where can IASON be installed?
IASON can be installed on any workstation, server or router running the
Linux operating system. It can be installed on other Unix systems with
some modifications.
What can IASON do now?
IASON is a suite of programs that support log analysis. They are designed
to integrate easily with a wide range of log sources: system logs such as
“/var/log/messages”, as well as Cisco router, firewall and even
switch logs, are IASON compatible.
IASON works as a log filter, much as the Unix grep command is used to
filter text files. IASON can also read the “/proc” file
system. As it analyzes log files it condenses the data into Prolog facts,
so that the result can be loaded directly by a Prolog interpreter.
IASON is used by the PublicRoot Consortium to monitor the integrity of
legacy data in a number of public root systems. It actively
monitors the Cesidian Root,
INAIC,
IntlRoot,
NameSpace, and
OpenNic.
IASON has also monitored New.net and
the ORSC.
IASON Programs:
proc2pl is a program that reads the “/proc” file
system. It identifies the host where IASON is installed, discovers static
and dynamic routes affecting that host and lists the Ethernet addresses
seen by the local network interfaces.
msg2pl is a filter program that reads “/var/log/messages” and
writes text records. It selects the log messages that signify unusual
activity and formats them for further processing.
pl2txt is a program that makes IASON's output human-readable.
http2pl is a further filter program that processes Apache log files.
IASON data:
The data stored by IASON includes IP addresses, MAC addresses and port
numbers. IASON stores this information in a fixed-width format: every IPv4
octet is padded to three decimal digits, every MAC byte to two hexadecimal
digits and every port number to five decimal digits, with a prefix naming
the type. For example, an IP address like “123.4.56.7” is stored as
“IP123004056007”, and a MAC address like
“12:3:45:67:8:9” becomes “MAC120345670809”.
A port number like 23, whether udp or tcp, is stored as “PORT00023”;
the protocol is not part of the port atom.
pl2txt translates this record format back into standard form, giving
“123.4.56.7”, “12:03:45:67:08:09” (MAC bytes stay
zero-padded) and “23”.
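The encoding rule above is simple enough to reproduce in a few lines, and it is worth having a strict implementation of it: twelve decimal digits can encode octets above 255, and a decoder that accepts such an atom will happily produce an address that no firewall can block. The following Python is an added example, not IASON's own code (the page does not show the sources of proc2pl, msg2pl or pl2txt); the function names, the error handling and the choice of upper-case hex for MAC atoms are this example's own assumptions.

```python
"""Encoder and decoder for the IASON atom format described above.

Added example, not IASON's own code. It implements the rule the page's
examples imply: each IPv4 octet padded to three decimal digits, each MAC
byte to two hex digits, each port to five decimal digits, with a type
prefix. Function names and validation rules are this example's choices.
"""
import re

_IP_ATOM = re.compile(r"^IP(\d{12})$")
_MAC_ATOM = re.compile(r"^MAC([0-9A-Fa-f]{12})$")
_PORT_ATOM = re.compile(r"^PORT(\d{5})$")


def encode_ip(addr: str) -> str:
    """'123.4.56.7' -> 'IP123004056007'. Rejects anything but four octets in 0..255."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return "IP" + "".join(f"{int(p):03d}" for p in parts)


def decode_ip(atom: str) -> str:
    """'IP123004056007' -> '123.4.56.7' (leading zeros dropped, as pl2txt prints it)."""
    m = _IP_ATOM.match(atom)
    if not m:
        raise ValueError(f"not an IP atom: {atom!r}")
    octets = [int(m.group(1)[i:i + 3]) for i in range(0, 12, 3)]
    if max(octets) > 255:  # twelve digits could spell 999.999.999.999; refuse that
        raise ValueError(f"octet out of range in {atom!r}")
    return ".".join(map(str, octets))


def encode_mac(mac: str) -> str:
    """'12:3:45:67:8:9' -> 'MAC120345670809'. Unpadded bytes and either hex case accepted."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a colon-separated MAC address: {mac!r}")
    return "MAC" + "".join(f"{int(p, 16):02X}" for p in parts)


def decode_mac(atom: str) -> str:
    """'MAC120345670809' -> '12:03:45:67:08:09' (two-digit bytes, as pl2txt prints them)."""
    m = _MAC_ATOM.match(atom)
    if not m:
        raise ValueError(f"not a MAC atom: {atom!r}")
    digits = m.group(1).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def encode_port(port) -> str:
    """23 -> 'PORT00023'. The transport protocol is not part of the atom."""
    n = int(port)
    if not 0 <= n <= 65535:
        raise ValueError(f"port out of range: {port!r}")
    return f"PORT{n:05d}"


def decode_port(atom: str) -> int:
    """'PORT00023' -> 23, refusing five-digit values above 65535."""
    m = _PORT_ATOM.match(atom)
    if not m:
        raise ValueError(f"not a PORT atom: {atom!r}")
    n = int(m.group(1))
    if n > 65535:
        raise ValueError(f"port out of range in {atom!r}")
    return n


def decode_atom(atom: str):
    """Dispatch on the type prefix; returns (kind, value) or raises ValueError."""
    for kind, decoder in (("ip", decode_ip), ("mac", decode_mac), ("port", decode_port)):
        if atom.startswith(kind.upper()):
            return kind, decoder(atom)
    raise ValueError(f"unknown atom type: {atom!r}")


def is_valid_atom(atom: str) -> bool:
    """True only if the atom is well-formed and in range."""
    try:
        decode_atom(atom)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for atom in (encode_ip("123.4.56.7"), encode_mac("12:3:45:67:8:9"), encode_port(23)):
        print(atom, "->", decode_atom(atom))
```

Round-tripping every atom through the decoder before acting on it is the useful check here: an out-of-range octet or port in a record is either a corrupted log or a bug in the producing filter, and either way it should be reported rather than fed to the firewall.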
Here is an example of some typical records processed using pl2txt, one
record per line:
host_type("echnaton","(none)","Linux echnaton 2.2.19 #15").
route_static("192.168.208.0","0.0.0.0","255.255.255.0","echnaton","eth0").
host_name("192.168.208.0","niflheim").
host_name("192.168.48.1","sid.lomiheim").
host_alias("sid","sid.lomiheim").
route_cache("217.82.158.94","192.168.48.1","192.168.48.228","echnaton","eth0").
ether_addr("00:0B:82:02:04:32","192.168.48.1","echnaton","eth0").
packet_reject("Feb-7","20:35:18","5000","tcp","217.82.240.42","192.168.48.228").
icmp_port_unreachable("Feb-7","21:04:56","192.168.20.226","192.168.20.228","192.168.20.226","53","34271").
ftp_connect("Feb-7","20:08:36","echnaton.lomiheim").
ssh_scanned("Feb-7","17:52:46","200.123.130.197","217.95.34.224").
icmp_ping("sz=64(+20)","Feb-7","15:58:15","192.168.20.228").
icmp_pong("192.168.20.228","15:58:14","Feb-7").
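The records above are Prolog facts with double-quoted string arguments, which makes them easy to consume from any language. The following Python is an added example, not IASON's own code: it parses records in this format, counts hostile-looking events per remote address, and turns the counts into block decisions for a single host or a whole network, which is the response the introduction describes. The sample input is constructed from the page's records plus two extra packet_reject lines; the position of the source address in packet_reject and ssh_scanned is inferred from the example values rather than from any documented schema, and the threshold and the iptables rule text are this example's assumptions, since the page does not say what instructions IASON sends to the firewall.

```python
"""Parser and a minimal detector for the pl2txt record format shown above.

Added example; not IASON's own code. The source-address positions, the
threshold and the firewall rule string are this example's assumptions.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample input in the pl2txt output format (one fact per line):
# the page's records plus two extra packet_reject lines from the same source.
SAMPLE_RECORDS = """\
host_type("echnaton","(none)","Linux echnaton 2.2.19 #15").
route_static("192.168.208.0","0.0.0.0","255.255.255.0","echnaton","eth0").
packet_reject("Feb-7","20:35:18","5000","tcp","217.82.240.42","192.168.48.228").
packet_reject("Feb-7","20:35:19","5001","tcp","217.82.240.42","192.168.48.228").
packet_reject("Feb-7","20:35:20","5002","tcp","217.82.240.42","192.168.48.228").
ssh_scanned("Feb-7","17:52:46","200.123.130.197","217.95.34.224").
icmp_ping("sz=64(+20)","Feb-7","15:58:15","192.168.20.228").
"""

# 0-based index of the remote (source) address in the record types acted on.
# Assumption inferred from the page's examples, not a documented schema.
SOURCE_ARG = {"packet_reject": 4, "ssh_scanned": 2}

_FACT = re.compile(r"^([a-z][a-z0-9_]*)\((.*)\)\.$")
_QUOTED = re.compile(r'"([^"]*)"')


def parse_fact(line):
    """Return (functor, [args]) for one record, or None if the line is not a
    well-formed fact whose arguments are all double-quoted strings."""
    m = _FACT.match(line.strip())
    if not m:
        return None
    functor, argstr = m.group(1), m.group(2)
    args = _QUOTED.findall(argstr)
    # The argument list must be exactly a comma-separated run of quoted
    # strings; unquoted atoms, stray text or embedded quotes are rejected.
    if ",".join(f'"{a}"' for a in args) != argstr:
        return None
    return functor, args


def parse_records(text):
    """Parse many lines. Returns (facts, rejected_lines); bad lines are
    reported rather than silently dropped."""
    facts, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_fact(line)
        if parsed is None:
            rejected.append(line)
        else:
            facts.append(parsed)
    return facts, rejected


def count_by_source(facts):
    """Count events per remote address, skipping fields that are not addresses."""
    counts = Counter()
    for functor, args in facts:
        idx = SOURCE_ARG.get(functor)
        if idx is None or idx >= len(args):
            continue
        try:
            ipaddress.ip_address(args[idx])
        except ValueError:
            continue
        counts[args[idx]] += 1
    return counts


def offenders(facts, threshold):
    """Addresses with at least `threshold` events, most active first."""
    return [ip for ip, n in count_by_source(facts).most_common() if n >= threshold]


def offending_networks(facts, threshold, prefix=24):
    """The same decision aggregated per network prefix (the 'entire network' case)."""
    nets = Counter()
    for ip, n in count_by_source(facts).items():
        nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += n
    return [net for net, n in nets.most_common() if n >= threshold]


def firewall_rules(targets):
    """Render block rules. An iptables DROP rule is an illustration only (assumption)."""
    return [f"iptables -I INPUT -s {t} -j DROP" for t in targets]


if __name__ == "__main__":
    facts, bad = parse_records(SAMPLE_RECORDS)
    print(f"{len(facts)} facts parsed, {len(bad)} lines rejected")
    for rule in firewall_rules(offenders(facts, threshold=3)):
        print(rule)
```

The strict argument check in parse_fact matters because these records are built from attacker-influenced log text (host names, ping payload sizes, Apache request lines): a line that does not parse cleanly should go into the rejected list for a human to look at, never be guessed at and then acted on by the firewall.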
Who is behind IASON, and which license applies?
Joe Baptista and
Peter Dambier are the joint developers of
IASON. The
PublicRoot Consortium is the official distributor and the
experimental Cesidian Root is
the official home root system of IASON used
for testing and program development.
The license applicable to IASON is
GNU Copyleft.
You are welcome to help us develop and improve IASON, provided that any
changes are made publicly available under the GNU Copyleft provisions.