Feature: Ninja IDS/EWS (Intrusion Detection System/Early Warning System)
New Feature, fully implement Ninja-IDS
The plan for Ninja IDS is a very lightweight IDS that functions as an early warning system. (Perhaps it should be called an EWS rather than an IDS.)
The concept is to give the user a heads-up if their machine is receiving attention over the network.
- Base level: log suspicious incoming packets: Xmas packets, null packets, pings, and other invalid "attack" and recon packets.
  - 1a. Log suspicious base-level wireless frames: "Evil Twins", fragmented packets, de-auths, and invalid "attack" and recon frames.
Level one - log to /var/log/netsec.log, and provide
- Mid level: do analysis and determine what constitutes an attack. Collect SYN and ping data and, using the configured settings, determine what constitutes a flood.
- Top level: client reporting and config. Base GUI config on flood sensitivity, a sys tray icon with a log of analyzed data, and lib-notify popups for new attacks.
Edited by Dev Ninja
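A sketch of how the base and mid levels described above could fit together, added here as an example and not Ninja IDS code: already-parsed packet events are labelled by TCP flags, and SYN and ping rates are checked per source against a sliding window. The `SETTINGS` keys, the event tuple layout, the `icmp-echo` label and the alert strings are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP flag bits
# Assumed settings: max packets per source inside `window` seconds.
SETTINGS = {"window": 1.0, "syn": 5, "ping": 3}

def classify(proto, flags=0):
    """Base level: label one parsed packet, or None if unremarkable."""
    if proto == "icmp-echo":
        return "ping"
    flags &= 0x3F                       # keep the six classic flag bits
    if flags == 0:
        return "null"                   # no flags set at all
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"                   # FIN+PSH+URG set together
    if flags & (SYN | ACK) == SYN:
        return "syn"                    # connection attempt, not a reply
    return None

class FloodDetector:  # mid level: per-source sliding window over SYN/ping
    def __init__(self, settings=SETTINGS):
        self.settings = settings
        self.seen = defaultdict(deque)  # (src, kind) -> recent timestamps
        self.alerted = set()            # floods already reported
    def feed(self, ts, src, proto, flags=0):
        """Return the alerts (possibly none) raised by one packet event."""
        kind = classify(proto, flags)
        if kind is None:
            return []
        if kind in ("null", "xmas"):    # invalid packets alert on sight
            return [f"{kind} packet from {src}"]
        q = self.seen[(src, kind)]
        q.append(ts)
        while ts - q[0] > self.settings["window"]:
            q.popleft()                 # drop events that left the window
        if len(q) <= self.settings[kind]:
            self.alerted.discard((src, kind))   # rate fell back to normal
        elif (src, kind) not in self.alerted:
            self.alerted.add((src, kind))       # report each flood once
            return [f"{kind} flood from {src}"]
        return []

# Constructed sample events: (timestamp, source, protocol, tcp_flags)
EVENTS = [(0.0, "192.0.2.10", "tcp", FIN | PSH | URG),
          (0.1, "192.0.2.10", "tcp", 0), (0.15, "203.0.113.5", "icmp-echo", 0)]
EVENTS += [(0.2 + i * 0.1, "198.51.100.7", "tcp", SYN) for i in range(7)]

def run(events, settings=SETTINGS):
    det = FloodDetector(settings)
    return [alert for ev in events for alert in det.feed(*ev)]
```

Calling `run(EVENTS)` yields one alert each for the Xmas and null packets and a single SYN flood alert for the burst, while the lone ping stays below its threshold.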