- New release delivered (0.3)
- Improvements to the SIP and HTTP analyzers
- DDoS analyzer.
- Memory improvements.
- Minor bug fixes
Polyvaccine supports the following platforms:
- Linux x86_32 (deprecated) and x86_64
- FreeBSD x86_64 (beta)
Polyvaccine has the following main characteristics:
- No signature updates are needed.
- The three main tasks (detection, protection, filtering) can be distributed across several nodes.
- The architecture is fully distributed (using dbus as the main ORB).
- Integration with other subsystems such as loggers, firewalls and so on is easy: it only requires simple Python scripts.
- There is no support for SQL injection; it covers only binary attacks, of any type.
- It does not try to replace the functions of a NIDS.
- Management tasks are negligible.
TODO: future developments and improvements:
- Provide more x64 exploits
- Support IPv6 networks
- Full support for BSD platforms (detection and protection engines)
- DDoS analyzer support (under version 0.3).
- Isolate the dbus layer in order to support other ORBs.
- Many others.
Polyvaccine was designed to protect HTTP or SIP servers from any type of binary exploit. The architecture is distributed, and all the processes can run on different machines depending on the deployment architecture and the traffic.
The main processes are:
- Filter engine (pvfe)
- Detection engine (pvde)
- Protection engine (pvpe)
For usage information, see:
- HTTP graph cache: http://code.google.com/p/polyvaccine/wiki/HttpGraphCache
- Playing with the detection engine: http://code.google.com/p/polyvaccine/wiki/DetectionEngine
- Cache effectiveness (HTTP/SIP): http://code.google.com/p/polyvaccine/wiki/CacheEffectiveness