KFSensor Professional 4.10.0
Quick setup and classical-looking interface
The installation procedure does not take a long time time to finish. However, it requires a system restart. As far as the interface is concerned, KFSensor adopts a regular window with a plain and simple layout.
Set up the initial configuration via a wizard
At startup it pops up a wizard to guide you toward the initial configuration. So, you can select the port classes to include between the Windows workstations, server, Internet services and applications, along with Linux (services not usually found in Windows), Trojans and worms.
In the next steps you can choose ports with active native services, specify a domain name, as well as enable email notifications to send alerts (sender and receiver addresses).
In addition, it is possible to configure settings pertaining to the denial of service (controls how many events are recorded before the server is locked), port activity time (how long a port should indicate activity after an event), proxy emulation (controls if KFSensor is allowed to make limited external connections), and network protocol analyzer. Last but not least, you can install KFSensor as a systems service.
Examine and export event data, add visitor rules and scenarios
All events are shown in the main frame and you can study the start time, duration, protocol, sensor port, name, visitor, and signature message. Additional event details may be investigated as well as exported to file.
Plus, you can create visitor rules by indicating the IP range, host DNS name, protocol, sensor IP and port, visitor port, minimum and maximum number of allowed connections, actions (close, ignore) and severity level.
Moreover, you can create multiple scenarios, edit their properties and easily switch through them, create and configure signatures, alter DOS attack settings, log activity to file, and much more.
Evaluation and conclusion
There were no stability issues in our tests, since the app did not hang, crash or pop up error messages. Surprisingly, it uses low CPU and RAM, so it does not hog system resources. Thanks to its extensive range of options and configuration settings dedicated to protecting machines from Internet-based attacks, KFSensor Professional should meet the requirements of most users.
Reviewed by Elena Opris on September 19th, 2014
In a hurry? Add it to your Download Basket!
- UDP Handling
- The big change in this release is how KFSensor handles UDP traffic. In previous versions UDP was treated in much the same way as TCP. Both shared the same DOS limit and port scan settings. This worked reasonably well in the past, but the way UDP is being used has changed in recent years. This has resulted in much more UDP traffic being sent across local networks and led to a large number of unnecessary events being logged by KFSensor.
Application descriptionKFSensor Professional acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system ...