Any free IDS available?

Discussion in 'Software' started by Woomera, May 29, 2007.

  1. Woomera

    Woomera Bit Poster

    14
    0
    31
    I've been looking for a free IDS (Intrusion Detection System) software for a long time. I even posted in some big and well-known forums but never had any luck, so I thought maybe you guys know of any. Is there any good free IDS out there?
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yep

    Look no further

    The industry standard IDS is completely free. There are Windows ports available if you are Linuxally challenged.
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Woomera

    Woomera Bit Poster

    14
    0
    31
    Wow, I didn't know Snort has a Windows version too. Thanks a lot, Zebulebu.
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    No worries

    Winsnort is the most popular way of getting Snort up and running on Windows - you could do it all manually, but you may as well go for the all-in-one install pack on their site.
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Woomera

    Woomera Bit Poster

    14
    0
    31
    Ai ai man, this is a command-line tool. Is there any GUI add-on for it? Or any other GUI IDS?
    I really can't get along with command-line software.
    Oh, and by the way, the file from snort.org is the same as the one in Winsnort.
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
  6. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    What the hell is 'ai ai man'? You sound like my nephew ferchrissakes!

    If you look at the documentation for Winsnort you will see that there is a graphical interface included for you to use (BASE).

    I'm pretty sure there isn't a proper IDS available that is GUI-based and free.

    Read through the guidelines for installing Winsnort - they're not too hard and will take you about two hours from start to finish. Every single step is detailed for you to follow along with.
     
    Certifications: A few
    WIP: None - f*** 'em
  7. Woomera

    Woomera Bit Poster

    14
    0
    31
    Yeah right :blink , maybe for the admin of the website it works.
    From what I read, they are just a bunch of tools and add-ons gathered around, but centralization is absent. There's no such thing as Winsnort as one tool, and there's no step-by-step guide to their tools. Each one has its own manual and details (so what's the point of the advertisement on the first page of the website? :blink ).
    It's just useless to newbies like me.
    Anyway, BASE is a front-end GUI and web-based tool that can be installed on MSSQL or MySQL, and I'm not gonna use the bandwidth and performance of my website for this, and it's useless to home/PC users. (I know it's not for a home user anyway and it should be planted on a network, but still no use.)
    The only useful thing on their website is Honeynet Security Console and I'm gonna it out.

    Thanks a lot for the info, ZEB. All the complaints go to their website, not you ;)
    Anyway, it would be lovely if someone could write a tutorial on how to put all of these together and make sense of them, and how exactly they can work together, of course.
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
  8. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Ummm...

    As I said, they have a tutorial on the site which shows you step by step how to set it up.

    this one is for MS SQL using IIS 5/6
    this one is for MS SQL using Apache
    this one is for MYSQL using IIS 5/6, and
    this one is for MYSQL using Apache

    Yes, you will have to manually edit your config file, but there isn't an IDS around that won't require some form of manual editing, and everything - EVERYTHING you need to know about getting snort up and running is in those guides. It is the single most useful reference available for running Snort on Windows. If you persevere and get it up and running, I will help you out with your rulesets.

    As for it being 'useless' for home users - nothing could be further from the truth. I have Snort running on a box outside my router (in fact, just because I like to live on the wild side, it's actually the Windows-based version) and it is far from useless. It is an absolutely essential learning tool for anyone serious about security. Indeed, most commercial organisations don't run Snort - they will use an extremely expensive IDS, or one of Sourcefire's 'beefier' IDS/IDP tools. Why you would consider using Honeynet (which serves a completely and utterly different purpose from an IDS) is beyond me - maybe if you post back and let me know exactly what it is you're trying to achieve I might be able to help. Badmouthing the WinSnort folks is not on - they put a massive amount of time and effort into what is a completely free site - and as you can see by the number of times the installation guides have been viewed, it is an extremely useful resource.
     
    Certifications: A few
    WIP: None - f*** 'em
  9. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Thanks for the info Zeb. It looks like they're doing a great job over there at winsnort. Makes me want to get one up and running, although I think I'll wait a while.:oops:
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  10. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Ah nugg - do it, you know it makes sense!

    Seriously, harden up a Windoze box and stick WinSnort on it and hub it outside your router/bastion firewall. You'd be a-m-a-z-e-d at some of the stuff it picks up!

    It's really been a useful tool for me - I've shown people some of the logs from it when I've run little impromptu training sessions for colleagues - they can't believe what goes on. Of course, it pays to keep your sig files updated, but that's not too onerous a task - hell, I've even written a sig file to watch for traffic going OUT on specific ports so that you can keep a tab on what users are doing - especially useful if you run it on a mirror port INSIDE your LAN just before the firewall and look for MSN messenger traffic...
     
    Certifications: A few
    WIP: None - f*** 'em
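
Added example, not part of zebulebu's post or the WinSnort guides: a sketch of what a local signature file for outbound MSN Messenger traffic could look like in Snort 2.x rule syntax. It assumes `HOME_NET`, `EXTERNAL_NET` and `RULE_PATH` are set in `snort.conf`; the messages and SIDs are constructed for illustration.

```snort
# local.rules -- constructed example, loaded from snort.conf with:
#   include $RULE_PATH/local.rules
# Assumes HOME_NET and EXTERNAL_NET are defined in snort.conf.
# SIDs of 1,000,000 and above are the range set aside for local rules.

# Port-only check: one alert per internal host per minute for any
# connection attempt (SYN) from the LAN to TCP/1863, the MSN Messenger port.
# Cheap, but fires on anything that uses that port.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"LOCAL outbound connection attempt to TCP/1863"; flags:S; threshold:type limit, track by_src, count 1, seconds 60; classtype:policy-violation; sid:1000001; rev:1;)

# Protocol check: the client opens an MSN session by sending a "VER "
# command, so match it at the start of the payload on an established
# client-to-server stream. Fewer false positives than the port-only rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1863 (msg:"LOCAL outbound MSN Messenger session start"; flow:to_server,established; content:"VER "; depth:4; classtype:policy-violation; sid:1000002; rev:1;)
```

The sensor only sees this traffic if it sits on the inside path, for example the mirror port inside the LAN mentioned in the post above.
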
  11. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    You know, dude - you took quite a lot of time to make some clear, concise posts in this thread. I have to say - if you aren't happy with responses that recommend putting in a little effort, then don't ask for help in the first place, man !!

    This place is give and take - please remember that :thumbleft
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  12. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Gav

    Cheers for noticing!
     
    Certifications: A few
    WIP: None - f*** 'em
  13. Woomera

    Woomera Bit Poster

    14
    0
    31
    Oh no man, that's not what I was trying to say. I was just mad 'cause I couldn't make sense of the website. It makes me mad to see something that I can't learn or do, that's just it.
    I apologize if my words sounded OFFENSIVE. :(
    I'm actually happy with the fact that you guys post responses so fast. My first fav forum that I've been using for 2-3 years never responds this fast, even though they have more than 110.000 users ;)
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
  14. Woomera

    Woomera Bit Poster

    14
    0
    31
    I need help. I can't seem to run Snort in IDS mode. I kept getting an error that it cannot find the local.rules file, so I copied rules from the rulesets I got from Winsnort.
    Now I get this error:
    [​IMG]

    I'm running Vista x86.
     
    Certifications: MCP 70-210 70-290
    WIP: MSCE 2003
