IASON.


What is IASON?
IASON is a Root Server Defense System designed to analyze data streams and recognize attacks. IASON works in conjunction with a network firewall and IDS (Intrusion Detection System) software to block attacks while allowing legitimate requests to reach the root name server.

IASON watches traffic destined for the root name server firewall. In most cases IASON is installed on a server running the IDS (Intrusion Detection System) software. There it reads log files and monitors network interfaces for traffic between the root name server firewall and local router.


The IASON project is dedicated to the development of an intelligent agent and knowledge system that intuitively detects and responds to attacks. When IASON detects an attack in progress it contacts the firewall and issues a set of instructions designed to exclude a single attacker or an entire network.

Where else can IASON be installed?
IASON can be installed on any workstation, server or router running the Linux operating system. IASON can be installed on other Unix systems with some modifications.

What can IASON do right now?
IASON is a suite of programs that support log analysis. These programs are designed to easily integrate with numerous log systems. System logs like “/var/log/messages”, or CISCO router, firewall and even switch logs are IASON compatible.

IASON works as a log filter, much as the Unix grep command is used to filter text files. IASON can even read the “/proc” file system. As IASON analyzes log files, it compresses the data into a format that is readable by a Prolog interpreter.

The IASON Programs
proc2pl is a program that reads the “/proc” file system. It identifies the host where IASON is installed, discovers static and dynamic routes affecting that host and lists the Ethernet addresses seen by the local network interfaces.

msg2pl is a filter program used to pipe “/var/log/messages” into text files. The msg2pl program filters out log messages that signify unusual activity. Those messages are then formatted for further processing.

pl2txt is a program that makes IASON's output human-readable.

http2pl is another filter program to process Apache log files.

IASON data
The data stored by IASON includes IP addresses, MAC addresses and port numbers. IASON stores this information in a specific format. For example, an IP address like “123.4.56.7” is stored as “IP123004056007”, and a MAC address like “12:3:45:67:8:9” is stored as “MAC120345670809”.

A port number like 23, whether UDP or TCP, is stored as “PORT00023”. pl2txt is used to translate this record format back into standard form, such as “123.4.56.7”, “12:03:45:67:08:09” and “23”.

Here is an example of some typical records processed using pl2txt. Each record is on a single line and is split only for readability:

host_type("echnaton","(none)","Linux echnaton 2.2.19 #15").

route_static("192.168.208.0","0.0.0.0","255.255.255.0","echnaton","eth0").

host_name("192.168.208.0","niflheim").

host_name("192.168.48.1","sid.lomiheim").

host_alias("sid","sid.lomiheim").

route_cache("217.82.158.94","192.168.48.1","192.168.48.228","echnaton","eth0").

ether_addr("00:0B:82:02:04:32","192.168.48.1","echnaton","eth0").

packet_reject("Feb-7","20:35:18","5000","tcp","217.82.240.42","192.168.48.228").

icmp_port_unreachable("Feb-7","21:04:56","192.168.20.226","192.168.20.228","192.168.20.226","53","34271").

ftp_connect("Feb-7","20:08:36","echnaton.lomiheim").

ssh_scanned("Feb-7","17:52:46","200.123.130.197","217.95.34.224").

icmp_ping("sz=64(+20)","Feb-7","15:58:15","192.168.20.228").

icmp_pong("192.168.20.228","15:58:14","Feb-7").
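Records in this form are straightforward to triage with a small parser. The following is an added example, not part of IASON: it parses facts shaped like the ones above and lists the addresses outside the RFC 1918 private ranges that appear in selected records. The function names and the choice of which record types to watch are assumptions; because the page does not document field order, the code inspects every argument rather than a fixed position.

```python
import ipaddress
import re
from collections import defaultdict

# Records copied from the sample above.
RECORDS = '''\
host_type("echnaton","(none)","Linux echnaton 2.2.19 #15").
route_cache("217.82.158.94","192.168.48.1","192.168.48.228","echnaton","eth0").
packet_reject("Feb-7","20:35:18","5000","tcp","217.82.240.42","192.168.48.228").
ssh_scanned("Feb-7","17:52:46","200.123.130.197","217.95.34.224").
icmp_pong("192.168.20.228","15:58:14","Feb-7").
'''

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_FACT = re.compile(r'^\s*([a-z_][a-z0-9_]*)\((.*)\)\.\s*$')
_ARG = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_fact(line):
    """Return (predicate, [arguments]) for one record, or None if malformed."""
    m = _FACT.match(line)
    if m is None:
        return None
    return m.group(1), _ARG.findall(m.group(2))

def external_addresses(text, predicates=("packet_reject", "ssh_scanned")):
    """Map each non-RFC 1918 IPv4 address to the record types it appears in."""
    hits = defaultdict(set)
    for line in text.splitlines():
        fact = parse_fact(line)
        if fact is None or fact[0] not in predicates:
            continue
        name, args = fact
        for arg in args:
            try:
                ip = ipaddress.IPv4Address(arg)
            except ValueError:
                continue  # dates, times, ports, host names
            if not any(ip in net for net in RFC1918):
                hits[str(ip)].add(name)
    return dict(hits)

if __name__ == "__main__":
    for addr, kinds in sorted(external_addresses(RECORDS).items()):
        print(addr, ",".join(sorted(kinds)))
```
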

The Future of IASON
Future implementations of IASON will include a telnet client and TFTP server. This would let users of IASON easily connect to and configure CISCO hardware without having to lug around laptops and serial cables.

The integration of TFTP in IASON also supports the remote automated configuration and retrieval of log files from CISCO routers. IASON uses telnet and TFTP to save or restore configuration data and dump log files from CISCO equipment.

The management interfaces, TFTP and telnet services used by IASON are run on local private IP addresses (RFC 1918). IASON traffic is secure and blocked at the router and never leaves the local area network.

Who is the owner of IASON and its licenses?
The INAIC and Peter Dambier are joint owners of IASON. The INAIC is the official home of IASON. The license applicable to IASON is GNU Copyleft.

You are welcome to help us develop IASON and improve on it, provided that any changes are made publicly available under the GNU Copyleft provisions.

  * The INAIC is the representative body for the next generation Internet DNS system globally supported by Public-Root, UN1D, TLD.NAME, UCDA, and many more.
Copyright ©2004 - 2015 by the Internet Names Authorization & Information Center (INAIC). All rights reserved.