Re: Windows based (H)IDS

From: Shaiful (shaifuljahari_at_yahoo.com)
Date: 03/02/04

    Date: Mon, 1 Mar 2004 19:52:13 -0800 (PST)
    To: bugtrak@iquebec.com, nergal@icm.edu.pl
    
    

    Hi guys,

    It may seem so obvious that a Snort library is very
    useful for detecting network-based attacks (HIDS or
    NIDS).

    Does anybody know about any work on a Snort library? Last
    time I checked it was only SNORTRAN by Fidelis
    Security but it is a commercial product.

    http://packetstormsecurity.nl/papers/IDS/SNORTRAN-wp.pdf

    Regards,
    Shaiful

    --- Bugtraq storage account <bugtrak@iquebec.com> wrote:
    > Not as hard to get as one would think, as I have pretty much the same
    > offering, not only free but also Open Source, along with other HIDS
    > techniques than simply file integrity checking. I also made software for
    > monitoring and analysing logs, so that other software can be added to the
    > mix, like Snort for example, so it can be manageable over a network. I
    > know there is other freely available HIDS software for Windows apart from
    > the ones I've made (in some cases with the help of other people).
    >
    > I also happen to have commercial versions for most of this software, but
    > Open Source software is something I truly believe in.
    >
    > I agree with you that Snort can be set for an individual NIC, using the -p
    > option, which is great because it technically enables NIDS capabilities on
    > a fully encrypted network, something we are still far from seeing as the
    > norm. But still something interesting to contemplate.
    >
    > You should think about setting up a website for distributing your tools
    > rather than by e-mail, it makes it easier for everybody, including you.
    >
    > My files can be downloaded from
    > http://securit.iquebec.com/
    >
    > Adam Richard
    > SécurIT Informatique Inc.
    >
    > At 02:28 PM 01/03/2004, Gregory Kane wrote:
    >
    > >Over a year ago I threw together a quick HIDS, can be used as a NIDS or
    > >DIDS, using Snort and a small, but efficient program called FileChecker.
    > >As both are free, which is hard to get together in Windows, the cost is
    > >the time to configure. If anyone is interested, send me an email off line
    > >and I'll send you the basics of this. Yes, Snort can be set for an
    > >individual NIC.