Irongeek

Looking for a Windows Systray IDS

7 posts in this topic

Hi all. A few years ago I used a simple FW/IDS called BlackICE that would sit in the Windows system tray and message you when things happened. Does something like that still exist that is free/open source? Some of the things I'd like it to report to me in real time are:

ARP poison attempts.

Port scans.

Failed logins.

That sort of thing. Any ideas?


Not exactly what you're looking for, but you may want to see if your router supports syslog, then run something like 'Kiwi Syslog Daemon' on your PC to receive the logs, then configure the alerts as needed.

snort/ www.snortsam.net

That isn't a very lightweight solution though right?

Browsing through the docs I am led to believe you need a snort server running on the network?


No, snort is a perfect solution. Snort is extremely lightweight and configurable. You can use only the signatures you want and check the things that you want.

You can have a look at SourceForge and Freshmeat; there are many free projects that can help you add customized functionality to snort.

Or if you want, you can make a simple C/C++ application that can check the snort log according to priority of events or anything else and then alert you.

From my experience this is extremely easy in Java using Swing for the GUI.

Snort is great!!!

cheers

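The log-watching approach suggested in the post above, as an added example that is not code from any poster in this thread: it parses Snort's fast alert format, keeps alerts at or above a priority threshold, and collapses repeats into one notification per signature and source. Python is used here rather than the C/C++ or Java mentioned; the sample lines, SIDs and function names are constructed for illustration, and the tray popup itself is left to the GUI toolkit of your choice.

```python
import re

# Layout of one line written by Snort's "fast" alert output.
# In Snort, priority 1 is the most urgent; larger numbers are less urgent.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample log (documentation addresses, made-up SIDs).
SAMPLE = """\
03/14-09:21:07.512345  [**] [1:1000001:1] Sample TCP port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40312 -> 192.0.2.20:22
03/14-09:21:07.612345  [**] [1:1000001:1] Sample TCP port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40313 -> 192.0.2.20:23
03/14-09:21:09.000120  [**] [1:1000002:3] Sample failed login burst [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:51544 -> 192.0.2.20:3389
03/14-09:22:30.100000  [**] [1:1000003:1] Sample ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.30 -> 192.0.2.20
this line is not an alert
"""

def parse_alert(line):
    """Return a dict for one fast-format alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])
    # TCP/UDP endpoints are written ip:port; other protocols carry the bare address.
    a["src_ip"] = a["src"].rsplit(":", 1)[0] if a["proto"] in ("TCP", "UDP") else a["src"]
    return a

def pending_notifications(lines, max_priority=2):
    """One entry per (sid, source IP) for alerts with priority <= max_priority,
    most urgent first, so a scan of many ports raises a single popup."""
    seen = {}
    for line in lines:
        a = parse_alert(line)
        if a is None or a["prio"] > max_priority:
            continue
        entry = seen.setdefault((a["sid"], a["src_ip"]),
                                {"msg": a["msg"], "prio": a["prio"], "first": a["ts"], "count": 0})
        entry["count"] += 1
    return sorted(seen.values(), key=lambda e: e["prio"])

if __name__ == "__main__":
    for n in pending_notifications(SAMPLE.splitlines()):
        print(f"[P{n['prio']}] {n['msg']} x{n['count']} (first seen {n['first']})")
```
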
No, snort is a perfect solution. Snort is extremely lightweight and configurable. You can use only the signatures you want and check the things that you want.

You can have a look at SourceForge and Freshmeat; there are many free projects that can help you add customized functionality to snort.

Or if you want, you can make a simple C/C++ application that can check the snort log according to priority of events or anything else and then alert you.

From my experience this is extremely easy in Java using Swing for the GUI.

Snort is great!!!

cheers

I think you just confirmed what I was asking... The OP was asking for a small IDS that runs in the systray. Having to build and deploy a sn0rt box, yadda yadda yadda, is a bit more complex than installing a systray app in Windows. I guess that's where I'm coming from.


Snort is simple; it will just take some configuration to know what to look for.

I'm just mentioning all the other things just to prove that if he wants something more than the basic, he can have them.

cheers!
