Intrusion detection programs?

Discussion in 'Software' started by ComputerGate, Sep 18, 2005.

  1. ComputerGate

    ComputerGate Specialist

    Can anybody suggest a program with a good
    intrusion detection engine?
    I like the one with Norton Internet Security,
    especially the log file that shows
    each attempted breach,
    but I don't like the rest of the program.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  3. star17

    star17 MajorGeek

  4. ComputerGate

    ComputerGate Specialist

    No, not a firewall. The NIS intrusion detection monitors things besides
    ports. Like websites that try to take advantage of exploits like, say for instance,
    NetBIOS.
     
  5. ComputerGate

    ComputerGate Specialist

    star17, that prog looks like it might be exactly what
    I had in mind. I'll give that a try, thanks.
     
  6. Brandon

    Brandon controlmind

  7. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Forgive me if this is a stupid question, but don't Firewalls (like Zone Alarm) provide this type of service? I know ZA will drive you mad with intrusion detections, unless you turn off the detection reporting feature.
    Turning it off kinda defeats the purpose I guess, but it is much less annoying.
    I think ZA should blink something just to show you that someone is trying to "get in", even if you have the reporting feature turned off.
    Would help promote their product's effectiveness.
    As it is now, out of sight, out of mind.

    The Overview tab reports Blocked Intrusions, Inbound protection, etc.
    Is this what you are after? Bazza
    ===

     
  8. greenknight32

    greenknight32 Sergeant

  9. Mada_Milty

    Mada_Milty MajorGeek

    I've enjoyed Snort as a NIDS... www.snort.org
    In combination with ACID acidlab.sourceforge.net and BASE (can't remember URL), they form a very powerful security suite.
    Great apps!
     
  10. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Link to reviews of various IDS programs. Well worth reading, and considering.

    http://www.techsupportalert.com/intrusion-detection-p2.htm

    SSM current link, as quoted by star17, as at today, is now:

    http://syssafety.com/product.html

    New version of SSM, released 19/9/2005, as well. Bazza

    ===

     
  11. ComputerGate

    ComputerGate Specialist

    Not exactly, no. Intrusion prevention can be more than just
    blocking ports.
    But I found a bunch of freeware apps that I'm going to try out
    over the next couple of days.
    WinPatrol, Prevx, the ssm one mentioned here,
    IceSword from China looks promising for rootkits....
     
  12. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Please let us know what you try, and your opinions of them, after you have given them a good workout. Bazza

    ===

     
  13. ComputerGate

    ComputerGate Specialist


    Will do. I gave Icesword a shot, but the file is a no-go for
    some reason. I have Stuffit expander set for a rar file,
    but it won't open the Icesword which is a rar file.
    I downloaded it twice to be sure.

    Meanwhile I came across another rootkit detector
    that's called "BlackLight" that loaded perfectly, but the
    stand alone freeware version is only good until 10-1-05

    The Prevx one which I see was also mentioned by controlmind,
    seems to be an excellent intrusion prevention program.
    I like the layout of it. Seems to be reasonably intuitive
    and doesn't use up much resources.
     
  14. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    IceSword. I use it. A bit like Process Explorer/Task Manager. You can see kernel and driver modules too. Helps detect rootkits. But you have to analyse it yourself by watching processes. Prevx is good but I don't like it. Firewall is the best option for intrusion detection. I have also tried Blink from eEye Digital Security.
     
  15. ComputerGate

    ComputerGate Specialist

    So you were able to get Icesword to install?
    Maybe I need to update my Stuffit expander.

    I disagree with the Firewall comment though, there are so many
    attacks that don't have anything to do with portal hacking.
    Rootkits are a perfect example of that. Prevx has a list of
    intrusions a half page deep that it protects from, none of which
    have anything to do with portal attacks.
     
  16. zepper

    zepper Corporal

    Some Firewalls provide both incoming (almost always port attacks) and outgoing attempts (which usually don't involve port attacks). All good FW proggies provide both inbound and outbound protection - ZA, Sygate, Outpost (but not the M$ built-in FW nor Black Ice).

    .bh.
     
  17. bigbazza

    bigbazza R.I.P. 14/12/2011 - Good Onya Geek

    Different strokes ( read programs), for different folks. It all makes interesting reading, though.
    Keep us updated. I'd like to try SSM, but don't know whether I have the grey matter to understand it. Bazza
     
