
Thread: Patriot NG: New HostBased Intrusion Detection System

  1. #1
    Renk

    Patriot NG: New HostBased Intrusion Detection System

    Patriot is a 'Host IDS' tool which allows real-time monitoring of changes in Windows systems or network attacks.

    Patriot monitors:

    * Changes in Registry keys: Indicating whether any sensitive key (autorun, Internet Explorer settings...) is altered.
    * New files in 'Startup' directories
    * New Users in the System
    * New Services installed
    * Changes in the hosts file
    * New scheduled jobs
    * Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
    * Changes in ARP table (Prevention of MITM attacks)
    * Installation of new Drivers
    * New NetBIOS shares
    * TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
    * Files in critical directories (New executables, new DLLs...)
    * New hidden windows (cmd.exe / Internet Explorer using OLE objects)
    * NetBIOS connections to the System
    * ARP Watch (New hosts in your network)
    * NIDS (Detect anomalous network traffic based on editable rules)


    It needs WinPcap.
    You can view the security logs made by Patriot NG through Windows Event Viewer in ‘Application’.
    Changes are not persistent so when you restart, all apps / ports / hosts blocked are unblocked.

    Security Projects - Patriot NG
    Last edited by Renk; 23.02.11 at 00:12.