Any free IDS avaliable?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Ive been looking for a free IDS(Intrusion Detection System) software for a long time.even posted in some big and well-known forums but never had any luck,so i thought maybe you guys knows any.is there any good free IDS out there?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Yep

Look no further

The industry standard IDS is completely free. There are windows ports available if you are Linuxally challenged.

 

Wow i didnt know snort have windows version too.thanks alot Zebluebu.

 

No worries

Winsnort is the most popular way of getting Snort up and running on Windows - you could do it all manually, but you may as well go for the all-in-one install pack on their site.

 

Ai ai man this is command-line tool.is there any GUI addon for it? or any other GUI IDS?
I really cant get along with coomand-line softwares.
Oh and by the way the file from snort.org is the same as the one in winsort.

 

What the hell is 'ai ai man'? You sound like my nephew ferchrissakes!

If you look at the documentation for Winsnort you will see that there is a graphial interface included for you to use (BASE).

I'm pretty sure there isn't a proper IDS available that is GUI-based and free.

Read through the guidelines for installing Winsnort - they're not too hard and will take you about two hours from start to finish. Every single step is detailed for you to follow along with.

 

Yeah right ,Maybe for the admin of the website it works.
from what i read they are just bunch of tools and addons gathered around but centralization is absent.theres no such thing as winsort as one tool and theres no step by step guide to their tools.each one have their own manual and details(so whats the point of advertisement in the first page of the website? ).
its just useless to newbies like me.
anyway the bASE is a front-end gui and webbased tool that can be installed on a MSSQL or MYSQL and im not gonna use my bandwidth and performance of my website for this and its useless to home/pc users.(i know its not use for a home user anyway and it should be planted on a network but still no use)
the only useful thing in their website is Honeynet Security Console and im gonna it out.

Thanks alot for info ZEB all the complains goes to their website not you ;)
anyway it would be lovely if someone could write a tutorial on how to put all of these together and making sense of them.and how exactly they can work together of course

 

Ummm...

As I said, they have a tutorial on the site which shows you step by step how to set it up.

this one is for MS SQL using IIS 5/6
this one is for MS SQL using Apache
this one is for MYSQL using IIS 5/6, and
this one is for MYSQL using Apache

Yes, you will have to manually edit your config file, but there isn't an IDS around that won't require some form of manual editing, and everything - EVERYTHING you need to know about getting snort up and running is in those guides. It is the single most useful reference available for running Snort on Windows. If you persevere and get it up and running, I will help you out with your rulesets.

As for it being 'useless' for home users - nothing could be further from the truth. I have Snort running on a box outside my router (in fact, just because I like to live on the wild side, its actually the windows-based version) and it is far from useless. It is an absolutely essential learning tool for anyone serious about security. Indeed, most commercial organisations don't run Snort - they will use an extremely expensive IDS, or one of Sourcefire's 'beefier' IDS/IDP tools. Why you would consider using Honeynet (which serves a completely and utterly different purpose from an IDS) is beyond me - maybe if you post back and let me know exactly what it is you're trying to achieve I might be able to help. Badmouthing the WinSnort folks is not on - they put a massive amount of time and effort into what is a completely free site - and as you can see by the number of times the installation guides have been viewed, it is an extremely useful resource.

 

Thanks for the info Zeb. It looks like they're doing a great job over there at winsnort. Makes me want to get one up and running, although I think I'll wait a while.

 

Ah nugg - do it, you know it makes sense!

Seriously, harden up a Windoze box and stick WinSnort on it and hub it outside your router/bastion firewall. You'd be a-m-a-z-e-d at some of the stuff it picks up!

Its really been a useful tool for me - I've shwon people some of the logs from it when I've run little impromptu training sessions for colleagues - they can't believe what goes on. Of course, it pays to keep your sig files updated, but thats not too onerous a task - hell I've even written a sig file to watch for traffic going OUT on specific ports so that you can keep a tab on what users are doing - especially useful if you run it on a mirror port INSIDE your LAN just before the firewall and look for MSN messenger traffic...

 

You know, dude - you took quite a lot of time to make some clear, concise posts in this thread. I have to say - if you aren't happy with responses that recommend putting in a little effort, then don't ask for help in the first place, man !!

This place is give and take - please remember that

 

Gav

Cheers for noticing!

 

Oh no man thats not what i was trying to say.i was just mad cause i couldnt make sense of the website.it makes me mad to see something that i cant learn or do thats just it.
I apologize if my words sounded OFFENSIVE.
Im actualy happy with the fact that you guys post responds so fast.my first fav forum that ive been using for 2-3 years never responds this fast even they have more than 110.000 users ;)

 

I need help.i cant seem to run snort in IDS mode.i was keep getting an error that it can not find local.rules file so i copied rules from the rulesets i got from winsnort.
Now i get this error:


Im running vista x86.