Subversive Technologies & Countermeasures
Defiant is a network IDS engine that was designed to run anywhere libpcap could be used. It is not unlike Snort and other network IDS systems, but was coded from the ground up as a learning exercise in network packet inspection. The project was never fully finished, but I believe it contains more than enough code to provide examples and direction for those looking to learn about network packet inspection. The code has not been reviewed or thought about in some time and was left in an intermediate state at best. The commented code should provide simple documentation and an outline of the program flow.
Features
- Core engine with pluggable extensions
- Ethernet2, TCP/IP decoders
- Fragment reassembly engine
- Header variable detection
- Pre/Post processors
- Pre/Post detections
The engine passed through many name incarnations, so some of the code will most likely refer to what seem to be odd variable names, iFeint being one of them.
Download
Defiant.zip
Dependencies