NFR Packages Reference: Web
Home ] Up ] NFR Packages Reference: Mail ] NFR Packages Reference: Network ] [ NFR Packages Reference: Web ]


Web Package

The web package includes backends that watch traffic on the World Wide Web.

Backends

  • detect - This list backend looks for TCP sessions that appear to be a Web browser making a request to a Web server. This backend is useful if you are trying to detect unauthorized Web servers on your network.  It makes a list of:
    • destination host
    • destination port

You may wish to enable alerts for this backend, so that NFR sends an alert whenever it detects a new host on your network that could be a Web server.

  • watchservers - This list backend records the commands sent to the Web servers on your network.  This backend is useful if you want to see whether your Web traffic is mostly legitimate requests or if there are many attempts to break-into your Web server.  It makes a list of:
    • TCP hash value, which identifies the TCP session
    • source host
    • destination host
    • command lines sent to the destination host

    Note that the backend does not list the response by the destination, such as whether the requested command was successful.


Back ] Home ] Up ]