Digenis

Introduction

Digenis (Figure 1) is composed of a network processor board (IXP1200) and a number of sensors (PCs) connected to the network processor. The network processor is the entry and exit point for the traffic that runs through the system. Its basic task is to distribute the traffic evenly across the sensors and to transmit the friendly packets back to their destination. The sensors are responsible for the heavy task of inspecting the traffic for intrusion attempts. They maintain the information required to recognize malicious traffic and decide whether to forward or drop each packet.

Figure 1: Digenis Architecture

For every input packet, the network processor computes which of the sensors is responsible for analyzing it and forwards the packet to that sensor for inspection. The sensor searches the packet for known attack patterns. If a pattern is found, the packet is blocked; otherwise it is forwarded back to the network processor. The network processor receives the analyzed packet and transmits it to its destination.
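The dispatch and verdict steps described above, as an added sketch that is not Digenis code. The page does not say how the sensor is chosen, so the direction-independent FNV-1a flow hash, the `struct flow` fields, the function names and the sample pattern are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 5-tuple; the field names are assumptions for this example. */
struct flow { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

/* Splitter side (assumed policy): FNV-1a over the order-normalised tuple, so
 * both directions of a connection are sent to the same sensor. */
unsigned pick_sensor(const struct flow *f, unsigned n_sensors)
{
    uint32_t lo_ip = f->src_ip < f->dst_ip ? f->src_ip : f->dst_ip;
    uint32_t hi_ip = f->src_ip < f->dst_ip ? f->dst_ip : f->src_ip;
    uint32_t lo_pt = f->src_port < f->dst_port ? f->src_port : f->dst_port;
    uint32_t hi_pt = f->src_port < f->dst_port ? f->dst_port : f->src_port;
    uint32_t words[4] = { lo_ip, hi_ip, (lo_pt << 16) | hi_pt, f->proto };
    uint32_t h = 2166136261u;                      /* FNV-1a offset basis */
    if (n_sensors == 0) return 0;                  /* no sensor attached */
    for (size_t i = 0; i < 4; i++)
        for (int b = 0; b < 4; b++)
            h = (h ^ ((words[i] >> (8 * b)) & 0xffu)) * 16777619u;
    return h % n_sensors;
}

/* Sensor side: 1 = forward back to the splitter, 0 = drop (pattern found). */
int sensor_verdict(const uint8_t *payload, size_t len,
                   const char *const *patterns, size_t n_patterns)
{
    for (size_t p = 0; p < n_patterns; p++) {
        size_t plen = strlen(patterns[p]);
        for (size_t i = 0; plen > 0 && i + plen <= len; i++)
            if (memcmp(payload + i, patterns[p], plen) == 0)
                return 0;
    }
    return 1;
}

int main(void)
{
    const char *patterns[] = { "EVIL-SIG" };       /* constructed placeholder pattern */
    struct flow c2s = { 0x0a000001u, 0xc0a80105u, 40000, 80, 6 };
    struct flow s2c = { 0xc0a80105u, 0x0a000001u, 80, 40000, 6 };  /* reverse direction */
    const uint8_t pkt[] = "xxEVIL-SIGxx";          /* constructed payload */
    printf("sensors: %u %u\n", pick_sensor(&c2s, 4), pick_sensor(&s2c, 4));
    printf("verdict: %d\n", sensor_verdict(pkt, sizeof pkt - 1, patterns, 1));
    return 0;
}
```

Keeping both directions of a connection on one sensor matters when sensors hold per-connection state; a per-packet round-robin split would balance load equally well but scatter that state.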

License

Unfortunately, parts of the code running on the microengines of the IXP1200 are not currently released due to licensing issues. Digenis partly uses microengine code provided by Intel, and redistribution of this code is strictly prohibited. When I find some spare time I will try to rewrite the parts of Digenis that use proprietary code. For the time being, Digenis releases the object files of the microengine code that is not permitted to be distributed.

However, if you have the microengine library code provided by Intel, you can email it to and I will send you back the patched version. I am not a lawyer, but I believe that this is not a violation of the Intel License.

Some parts of Digenis are released under the GNU General Public License and others under the Trustees of Princeton University License.

News

  • Overview of Digenis on IXP1200 (Sunday 31-12-2007):

    IXP1200 cross GCC, IXP1200 microengine code and StrongARM code are released.

  • Overview of Digenis on PC (Saturday 30-12-2007):

    Versions of Snort with packet caching and ACK support are released.

  • Overview of Digenis tools (Monday 24-12-2007):

    I release these tools in the hope that they will be useful to some people.
