Archive for the “Passive Service Detection” Category

PADS is a signature-based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.

Goals

  • Passive: Records and identifies traffic seen on a network without actively "scanning" a system. There will never be a packet sent from the PADS application.
  • Portable: Has the ability to be placed easily on a remote system. Does not require additional external libraries other than those associated with libpcap.
  • Lightweight: Logging is sent to a simple CSV file. There is no need for a database or other data repository installed on the local machine. All correlation is done outside of the PADS program.

Description

Asset management is an important factor in information security. A good security administrator should keep track of all devices attached to the network. Even though active scanners such as nmap and Nessus are valuable tools, sometimes it is necessary to identify network devices in a passive manner. PADS was developed to sit alongside the promiscuous interface of an IDS device. It listens to network traffic and attempts to identify the applications running on the network.
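The correlation step that the page leaves to external tooling, shown as an added example (not part of PADS or of the original page): it joins a passive asset CSV against IDS alerts to check whether the alerted service matches what was observed on the wire. The column layout, sample rows and alert fields are constructed assumptions.

```python
import csv
import io

# Constructed asset log. Column names are an assumption made for this example.
ASSET_CSV = """asset,port,proto,service,application,discovered
192.0.2.10,80,6,www,Apache 2.4.57 (Unix),1700000000
192.0.2.10,22,6,ssh,OpenSSH 9.3,1700000050
192.0.2.20,25,6,smtp,Postfix smtpd,1700000100
"""

# Constructed IDS alerts; "targets" is the software the signature applies to.
ALERTS = [
    {"sig": "Apache request anomaly", "dst": "192.0.2.10", "port": 80, "proto": 6, "targets": "apache"},
    {"sig": "IIS request anomaly", "dst": "192.0.2.10", "port": 80, "proto": 6, "targets": "iis"},
    {"sig": "SMB anomaly", "dst": "192.0.2.30", "port": 445, "proto": 6, "targets": "samba"},
]


def load_assets(text):
    """Index asset rows by (ip, port, proto), keeping the newest observation."""
    assets = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["asset"], int(row["port"]), int(row["proto"]))
        seen = int(row["discovered"])
        if key not in assets or seen > assets[key]["discovered"]:
            assets[key] = {"application": row["application"], "discovered": seen}
    return assets


def triage(alert, assets):
    """Return (verdict, observed_application) for one alert."""
    record = assets.get((alert["dst"], alert["port"], alert["proto"]))
    if record is None:
        # A passive sensor only knows services whose traffic it has seen,
        # so a missing entry means "no context", not "service absent".
        return ("unknown-asset", None)
    app = record["application"]
    if alert["targets"].lower() in app.lower():
        return ("relevant", app)
    return ("mismatch", app)


if __name__ == "__main__":
    inventory = load_assets(ASSET_CSV)
    for a in ALERTS:
        print(a["sig"], a["dst"], a["port"], *triage(a, inventory))
```

A "mismatch" verdict lowers an alert's priority but does not close it, since the asset record reflects only the most recent banner the sensor happened to observe.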
