N-Eye - Network Environment Apperceive Tool
Written by Administrator   
2007-04-20 21:08:40

v0.1 - 09/15/05

The Artemis Project (Chinese Honeynet Project) <artemis_at_icst.pku.edu.cn>
 - Jianwei Zhuge <zhugejianwei_at_icst.pku.edu.cn>
 - Cheng Li <licheng_at_icst.pku.edu.cn>

License: GPL

Design Document (in Chinese).

Motivations:

  •   Network Management:
A good security administrator should keep track of every device attached to the network, every open network service, and every vulnerability present in those services. There are plenty of good open-source tools for this purpose, including p0f, pads, nmap, nessus and others, but there is no integrated tool that gathers all of the network environment information and presents it to the administrator in one view. N-Eye fills this gap: it combines passive fingerprinting (p0f, pads) with active scanning (nmap, nessus) to provide a network environment apperceive tool for security administrators.

  •   Honeynet Data Analysis:
Network environment information can aid manual (and, in the future, automated) data analysis in a Honeynet.

  •   NIDS Alert Validating:
Based on the network environment information, a NIDS such as snort can validate its mass of alerts, reducing false alarms and unrelated alerts (for example, alerts aimed at a service that is not open on the target host) and therefore improving the quality of the alerts.

Structure:

[structure diagram]

Database Schema: (see neteye.sql for details)

The neteye database consists of the following three tables:
- host: ipaddress, *hostname, *mac, *os, if local, *country code, state, ...
- open_service: ipaddress, protocol, port, service, *application, state, ...
- exist_vuln: ipaddress, protocol, port, *vuln_id, *vuln_name, type, *report, ...
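The following is an added example, not code from the N-Eye distribution, showing how the three-table neteye schema above can serve the NIDS alert validation described under Motivations. Column types and keys are guesses (the real definitions are in neteye.sql), the host and service inventory is constructed, and the alert lines are constructed Snort fast-format alerts with SIDs in the local range; only the `{PROTO} src:port -> dst:port` tail of each alert is parsed.

```python
"""Added example, not N-Eye's own code: a minimal model of the neteye
database and of the "NIDS alert validating" idea from the Motivations
section, using Python's sqlite3.  Column types, the sample inventory and
the alert lines are all constructed assumptions."""
import re
import sqlite3

# Assumed schema: column names follow the page's table list (the real
# definitions are in neteye.sql, which is not reproduced here); the
# types and keys are guesses for illustration only.
SCHEMA = """
CREATE TABLE host (
    ipaddress TEXT PRIMARY KEY, hostname TEXT, mac TEXT, os TEXT,
    if_local INTEGER, country_code TEXT, state TEXT);
CREATE TABLE open_service (
    ipaddress TEXT, protocol TEXT, port INTEGER, service TEXT,
    application TEXT, state TEXT,
    PRIMARY KEY (ipaddress, protocol, port));
CREATE TABLE exist_vuln (
    ipaddress TEXT, protocol TEXT, port INTEGER, vuln_id TEXT,
    vuln_name TEXT, type TEXT, report TEXT);
"""

# Constructed inventory, as p0f/pads/nmap would have populated it.
HOSTS = [
    ("192.168.1.10", "www", "00:11:22:33:44:55", "Linux 2.4", 1, "CN", "up"),
    ("192.168.1.20", "db", "00:11:22:33:44:66", "Windows 2000", 1, "CN", "up"),
]
SERVICES = [
    ("192.168.1.10", "tcp", 80, "http", "Apache/1.3.33", "open"),
    ("192.168.1.10", "tcp", 22, "ssh", "OpenSSH 3.9p1", "open"),
    ("192.168.1.20", "tcp", 1433, "ms-sql-s", "Microsoft SQL Server 2000", "open"),
]


def build_db():
    """Create the three tables in memory and load the constructed inventory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO host VALUES (?,?,?,?,?,?,?)", HOSTS)
    conn.executemany("INSERT INTO open_service VALUES (?,?,?,?,?,?)", SERVICES)
    conn.commit()
    return conn


# Matches the "{PROTO} src:port -> dst:port" tail of a Snort fast-format alert.
ALERT_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def validate_alert(conn, line):
    """Classify one alert against the inventory.

    An alert aimed at a host we have never seen, or at a port that is not
    open on that host, cannot have succeeded and is reported as unrelated;
    an alert aimed at an open service is validated and annotated with the
    service/application fingerprint so the analyst can judge relevance.
    """
    m = ALERT_RE.search(line)
    if m is None:
        return "unparsed"
    dst, proto, dport = m["dst"], m["proto"].lower(), int(m["dport"])
    if conn.execute("SELECT 1 FROM host WHERE ipaddress = ?", (dst,)).fetchone() is None:
        return "unrelated: unknown host"
    row = conn.execute(
        "SELECT service, application FROM open_service "
        "WHERE ipaddress = ? AND protocol = ? AND port = ? AND state = 'open'",
        (dst, proto, dport),
    ).fetchone()
    if row is None:
        return "unrelated: port not open"
    return "validated: %s (%s)" % row


# Constructed Snort fast-format alert lines; SIDs are in the local range.
ALERTS = [
    "04/20-21:08:40.000001  [**] [1:1000001:1] LOCAL web probe [**] "
    "[Priority: 2] {TCP} 10.0.0.5:3456 -> 192.168.1.10:80",
    "04/20-21:08:41.000002  [**] [1:1000002:1] LOCAL smb probe [**] "
    "[Priority: 2] {TCP} 10.0.0.5:3457 -> 192.168.1.10:445",
    "04/20-21:08:42.000003  [**] [1:1000001:1] LOCAL web probe [**] "
    "[Priority: 2] {TCP} 10.0.0.5:3458 -> 192.168.1.99:80",
    "04/20-21:08:43.000004  [**] [1:1000003:1] LOCAL mssql probe [**] "
    "[Priority: 2] {TCP} 10.0.0.5:3459 -> 192.168.1.20:1433",
]


def validate_all(lines):
    """Return one verdict string per alert line, in input order."""
    conn = build_db()
    try:
        return [validate_alert(conn, line) for line in lines]
    finally:
        conn.close()


if __name__ == "__main__":
    for line, verdict in zip(ALERTS, validate_all(ALERTS)):
        print(verdict, "<-", line.split("{")[1])
```

The two "unrelated" verdicts are the alerts N-Eye's approach would let an analyst discard without further work; the "validated" ones carry the application banner from open_service, which is what a follow-up lookup in exist_vuln would key on. Note that an inventory built only from passive fingerprinting can lag behind reality, so a "port not open" verdict is only as trustworthy as the most recent nmap/nessus pass.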

Deployment:

The passive fingerprinting tools (p0f and pads) should be deployed at the edge of the network (gateway, firewall, or IDS box), where they can see all the traffic; the other components can be deployed anywhere on the network.

Download:

“All in one” source code distribution:
         NEye.0.1.tar.gz ( 4.35M ) (contains Nmap, p0f and pads)

NEye component source code distributions:
       create_neteye.sql & neteye.sql
       p0f-neteye-0.1.tar.gz
       pads-1.2.tar.gz & pads-archiver-1.2.tar.gz
       nessus-neteye-0.1.tar.gz
       nmap-neteye.3.81.tar.gz
       neteyed-0.1.tar.gz
       neteye-gui-0.1.tar.gz

Install:

       tar -zxf NEye.0.1.tar.gz
       sh install.sh

See INSTALL for details

Configuration Files:

       p0f-neteye: /etc/p0f/p0f-neteye.conf
       pads: /usr/local/etc/pads.conf; /usr/local/etc/pads-archiver.conf
       nmap-neteye: /usr/local/etc/nmap-neteye.conf
       nessus-neteye: /usr/local/etc/nessus-neteye.conf
       neteyed: /usr/local/etc/neteyed.conf
       neteye GUI: /var/www/cgi-bin/neteye/gui-neteye.conf

Usage:

       The easiest way:
       Start:
              sh NEyeStart.sh

NOTE: neteyed waits for nmap and nessus to finish their scans, so be patient if the target network is large.

       Kill all daemons that NEye started:
              sh NEyeKill.sh

See README for details.

Last Updated ( 2008-11-09 23:46:52 )