Full Disclosure mailing list archives

Re: IDS for Windows

From: Ron DuFresne <dufresne () winternet com>
Date: Tue, 10 Aug 2004 00:12:49 -0500 (CDT)


I think one can still find portmon, and perhaps a few others, did you try
a google search prior to asking here??  That's a prime place to start,
then perhaps rephrase here asking for experiences others have had with a
few products you find and are interested in/fits your needs/abilities?

One thing about a number <most?> IDS ir portmonitoring software, they tend
to show the ports they monitor for activity/action as being "open", this
will attract a tad more attention to the systems they are placed upon,
much as a honeypot will.  Better to lock down exposed systems in most
cases with a firewall that actually drops or denies all connetion/probe
attempts to unwanted exposures.  Firewalling remains the most effective
primary besides just uninstalling or not installing in the first place,
services un-needed and/or not-understood.

IDS systems tend to take alot of care and feeding to make real use of them
in an unwastfule manner, and they are best placed behind a firewall as one
more additional warning layer should the firewall incorrectly fail-open,
or die, or not start, or somehow miss something your security policy
dictates.  Palcing a IDS at the frontgate tends to make them so noisy that
they are soon ignored anyways...

Thanks,

Ron DuFresne

On Tue, 10 Aug 2004, Carsten Ruckelshausen wrote:

Hi,

i'm looking for a Intrusion Detection System (host and/or net) for Windows.
It should be Free or Shareware and perhaps it could work in a Windows/Linux
network.

Any idea ?


Bis denn dann,

Carsten
------------------------------------------------
e-mail:  carsten () sgcr net
www:     www.sgcr.net
mobil:   +49-173-2137083
fax:       +49-6403-96187
------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IDS for Windows Carsten Ruckelshausen (Aug 09)
- Re: IDS for Windows Kyle Maxwell (Aug 09)
- Re: IDS for Windows Ron DuFresne (Aug 09)
- Re: IDS for Windows Harlan Carvey (Aug 10)
- <Possible follow-ups>
- Re: IDS for Windows Carsten Ruckelshausen (Aug 10)