TCP Anomaly Detector project

Rui Paulo rpaulo at FreeBSD.org
Fri Aug 29 10:53:36 UTC 2008


Hi,
Now that tcpad (TCP Anomaly Detector) is, at least, barely usable, I
decided to talk about it.

First of all, the wiki page http://wiki.freebsd.org/RuiPaulo/TCPAnomaly
talks all about the rationale behind it and how it works.

For your convenience, I'll post it here too:

  "tcpad listens for TCP packets on the wire and builds a virtual TCP stack
for each TCP endpoint. This means that, for example, if you run tcpad on
a gateway, tcpad will monitor every connection between the hosts behind
the gateway, the hosts reachable by the gateway (usually the Internet)
and the connections to/from the gateway itself. After the initial
packets, tcpad has built a virtual TCP stack for each endpoint. [...]
Along with this virtual TCP stack, tcpad monitors for abnormalities
within the transmitted packets. For further inspection, tcpad keeps
every TCP packet in memory and then dumps it into a pcap file. If you
suspect a bug in a TCP stack or tcpad itself, you can boot tcpdump(1) or
wireshark(1) and see the packet stream for yourself."

Now, a warning about it: tcpad is still in pre-beta phase, so if you
want to try it out, please be aware that it may crash, may hurt a
butterfly or just make your life miserable. In other words, no warranty
;-)

If you have great interest in TCP, this is the project you've been
looking to help with. ;-) I'm pretty sure that I need a couple more hands
to make this project rock solid in the short term, so your help is very
much appreciated.

On the wiki page you should find all the information you need to get working
with tcpad. If you need more help, you can contact me.

Thanks for reading.
-- 
Rui Paulo
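The quoted description above says tcpad keeps a virtual TCP stack per endpoint, checks each segment against it, retains every packet and dumps them to a pcap file. The following is an added example of that design written for this page; it is not tcpad's own code (tcpad is a C program, this is Python) and it makes simplifying assumptions: a reduced RFC 793 state machine with no receive-window or 32-bit sequence-wrap handling, the Packet/Endpoint/Tracker names and the anomaly strings are invented, and the session in demo() is constructed by hand (a clean handshake and HTTP exchange followed by an ACK for data never sent and a SYN from a side that is already established). The pcap writer emits classic pcap with LINKTYPE_RAW (101) records and valid IP/TCP checksums, so the dump opens in tcpdump(1) or wireshark(1) for the "see the packet stream for yourself" step.

```python
# Added example, not tcpad's code: a passive TCP tracker that keeps a tiny
# virtual stack per endpoint, flags handshake and sequence anomalies, retains
# every segment and dumps them to a pcap file readable by tcpdump(1)/wireshark(1).
import os, socket, struct, tempfile
from collections import namedtuple
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
# Only the fields the tracker needs from a segment (assumed, minimal model).
Packet = namedtuple("Packet", "src sport dst dport seq ack flags payload", defaults=[b""])


@dataclass
class Endpoint:
    """What the tracker believes one side of a connection is doing."""
    state: str = "CLOSED"
    snd_nxt: int = 0  # next sequence number this side should transmit (no 32-bit wrap handling)


class Tracker:
    def __init__(self):
        self.endpoints = {}   # (ip, port, peer_ip, peer_port) -> Endpoint
        self.packets = []     # every segment seen, retained for the pcap dump
        self.anomalies = []   # (index into self.packets, description)

    def _side(self, ip, port, pip, pport):
        return self.endpoints.setdefault((ip, port, pip, pport), Endpoint())

    def feed(self, p):
        idx = len(self.packets)
        self.packets.append(p)
        me = self._side(p.src, p.sport, p.dst, p.dport)    # the sender's stack
        peer = self._side(p.dst, p.dport, p.src, p.sport)  # the receiver's stack

        def flag(msg):
            self.anomalies.append((idx, msg))

        if p.flags & RST:
            if me.state == "CLOSED":
                flag("RST for a connection never seen")
            me.state = peer.state = "CLOSED"
        elif p.flags & SYN and not p.flags & ACK:
            if me.state == "ESTABLISHED":
                flag("SYN on an established connection")
            me.state, me.snd_nxt = "SYN_SENT", p.seq + 1
        elif p.flags & SYN:                     # SYN/ACK
            if peer.state != "SYN_SENT" or p.ack != peer.snd_nxt:
                flag("SYN/ACK without a matching SYN")
            me.state, me.snd_nxt = "SYN_RECEIVED", p.seq + 1
        elif me.state == "CLOSED":
            flag("segment on a connection with no state")
        else:                                   # plain ACK, data or FIN
            if me.state == "SYN_SENT" and peer.state == "SYN_RECEIVED":
                if p.ack != peer.snd_nxt:
                    flag("handshake ACK with wrong ack number")
                    return
                me.state = peer.state = "ESTABLISHED"
            if p.flags & ACK and p.ack > peer.snd_nxt:
                flag("ACK for data the peer never sent")
            if p.seq != me.snd_nxt:
                flag("unexpected sequence number (retransmit or injection?)")
            else:
                me.snd_nxt += len(p.payload) + bool(p.flags & FIN)


def _csum(data):
    """RFC 1071 Internet checksum over data (zero-padded to an even length)."""
    if len(data) % 2:
        data += b"\0"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF


def to_ip_bytes(p):
    """Serialise a Packet as an IPv4+TCP datagram with valid checksums."""
    src, dst = socket.inet_aton(p.src), socket.inet_aton(p.dst)
    tcp = struct.pack("!HHIIBBHHH", p.sport, p.dport, p.seq, p.ack,
                      5 << 4, p.flags, 65535, 0, 0) + p.payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", _csum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return ip[:10] + struct.pack("!H", _csum(ip)) + ip[12:] + tcp


def write_pcap(path, packets):
    """Dump packets as LINKTYPE_RAW (101) records; timestamps are constructed."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101))
        for i, p in enumerate(packets):
            frame = to_ip_bytes(p)
            fh.write(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return len(packets)


def demo(path=os.path.join(tempfile.gettempdir(), "tcpad_demo.pcap")):
    """Constructed session: clean handshake and exchange, then two bad segments."""
    c, s = ("10.0.0.2", 40000), ("10.0.0.1", 80)
    segments = [
        Packet(*c, *s, 1000, 0, SYN),
        Packet(*s, *c, 5000, 1001, SYN | ACK),
        Packet(*c, *s, 1001, 5001, ACK),
        Packet(*c, *s, 1001, 5001, ACK, b"GET / HTTP/1.0\r\n\r\n"),
        Packet(*s, *c, 5001, 1019, ACK, b"HTTP/1.0 200 OK\r\n\r\n"),
        Packet(*c, *s, 1019, 5020, ACK),
        Packet(*c, *s, 1019, 9999, ACK),   # acknowledges bytes the server never sent
        Packet(*s, *c, 7777, 0, SYN),      # fresh SYN from an already established side
    ]
    t = Tracker()
    for seg in segments:
        t.feed(seg)
    write_pcap(path, t.packets)
    return t.anomalies


if __name__ == "__main__":
    for idx, msg in demo():
        print("packet %d: %s" % (idx, msg))
```

Running it flags packets 6 and 7 and leaves tcpad_demo.pcap in the temp directory; a real detector would key the per-endpoint state on the same four-tuple but also track the advertised window, handle sequence wrap with modular comparison and expire idle flows, none of which this sketch does.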

