Has anyone here used Eagle X? If so, any comments on it? Is this something that can be run on a workstation? Or am I missing the point of it altogether? I don't know much about Snort or IDSs... http://www.engagesecurity.com/products/eaglex/
This seems similar to a program I have used called KFSensor; you might want to look this up in Google, as it may be a little more user friendly. Homepage: http://www.keyfocus.net/kfsensor/ Jimbob
That's the feeling I got too.. I'm afraid to install it. Maybe I'll wait until right before my next reformat before trying it...
Was on the lookout for an IDS system, decided to give Eagle and Protowall a try, both are based on SNORT and therefore would be truly a good solution to my security needs. The problem is that both use kernel-level drivers for packet filtering and are a pain to use; both their drivers refused to install on my Win2K SP4, so the final solution was to use the latest PG2 beta 2, which works flawlessly when properly set up with Block List Manager.
Kerodo, if you have a fast connection, give it a try as it is a 15 MB download; otherwise stick to Peer Guardian 2 beta 2 with Blocklist Manager. I find kernel-level drivers from non-MS sources are always a pain to install.
I don't get it exactly. Why is PG2 with Blocklist Manager an IDS? Are you just setting up a list of spyware URLs to block?
Technically PG is not an IDS, but then the blocklist is updated frequently and contains a comprehensive list of rogue, Trojan and other undesirables; block all of them and you have yourself a surefire way of snoop prevention. Add Prevx to that list and you have yourself a good solution, and that too free.
Yep, I have cable here and have already d/l'd it. I may try it right before my next reformat. Right now though, I'm set for the moment and don't want to disrupt things here.
Looks like it's mostly for P2P users who want to block the RIAA and similar "threats" to P2P users... If you don't use P2P much, then its usefulness is probably limited. No?
I agree that Peer Guardian is mostly a P2P thing. You can set it up to block HTTP, but a hosts list could do the same thing and will have all of the spyware sites in it.
PG2 with all the lists loaded is quite formidable: a huge list of adware, snoopware, Trojan, .gov as well as other marketing sites are all blocked from snooping in your PC, and you get a nice list of the currently blocked IPs.
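The posts above describe how Peer Guardian blocks by matching connection endpoints against a large list of IP ranges, and why that is not an IDS. The following is an added example, not code from the thread or from the Peer Guardian project, showing the mechanism: it parses a blocklist in the plain-text "P2P" range format (`label:first-last`), builds a sorted index that also handles overlapping ranges, and applies it to some constructed connection records. Every address and label below is a constructed sample from the documentation ranges, not a real published list.

```python
"""Added example: IP-range blocklist matching of the kind Peer Guardian does.
Blocklist lines and connection records are constructed samples."""
import bisect
import ipaddress

# Constructed sample in the plain-text "P2P" range format ("label:first-last").
# Ranges are deliberately allowed to overlap (the wider range contains the tracker).
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored
Example ad network:192.0.2.0-192.0.2.255
Example wider range:198.51.100.0-198.51.100.255
Example tracker:198.51.100.10-198.51.100.20
Example single host:203.0.113.77-203.0.113.77
"""


def parse_p2p_blocklist(text):
    """Return a list of (first, last, label) tuples with addresses as ints,
    sorted by range start."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':'; the IPv4 range after the last ':' never does.
        label, _, span = line.rpartition(":")
        first_s, _, last_s = span.partition("-")
        first = int(ipaddress.IPv4Address(first_s))
        last = int(ipaddress.IPv4Address(last_s))
        if last < first:
            raise ValueError(f"inverted range: {line}")
        ranges.append((first, last, label))
    ranges.sort()
    return ranges


class Blocklist:
    """Sorted range index with a running maximum of range ends so lookups
    stay correct when ranges overlap and stop early when none can match."""

    def __init__(self, ranges):
        self.ranges = ranges
        self.starts = [r[0] for r in ranges]
        self.max_last = []
        running = -1
        for _, last, _ in ranges:
            running = max(running, last)
            self.max_last.append(running)

    def match(self, ip):
        """Return the label of a range containing ip, or None.
        When ranges overlap, the one with the latest start wins."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_right(self.starts, n) - 1
        # Any range at index <= i has start <= n; if the largest end among them
        # is below n, no range can contain n and we can stop.
        while i >= 0 and self.max_last[i] >= n:
            first, last, label = self.ranges[i]
            if first <= n <= last:
                return label
            i -= 1
        return None


# Constructed connection records: (direction, local ip, remote ip, remote port).
SAMPLE_CONNECTIONS = [
    ("out", "10.0.0.5", "192.0.2.44", 80),
    ("out", "10.0.0.5", "203.0.113.5", 443),
    ("in", "10.0.0.5", "198.51.100.15", 6881),
    ("out", "10.0.0.5", "203.0.113.77", 80),
    ("out", "10.0.0.5", "203.0.113.78", 80),
]


def filter_connections(blocklist, connections):
    """Return (verdict, label, record) per connection. The decision is made on
    the remote address only: no payload is inspected, which is why a list like
    this is a blocker rather than an IDS."""
    results = []
    for record in connections:
        label = blocklist.match(record[2])
        results.append(("BLOCK" if label else "ALLOW", label, record))
    return results


if __name__ == "__main__":
    bl = Blocklist(parse_p2p_blocklist(SAMPLE_BLOCKLIST))
    for verdict, label, record in filter_connections(bl, SAMPLE_CONNECTIONS):
        print(verdict, record, label or "")
```

The running-maximum array is what makes the overlap case cheap: a plain binary search on range starts would miss an address that lies inside an earlier, wider range, and a naive scan back through every earlier range is linear in list size, which matters for lists of the size the posts describe. The example also makes the limitation concrete: a list like this only ever sees addresses, so a hosts file (names) and an IP blocklist (addresses) are complementary, and neither looks at what is actually sent.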
Well, I finally got around to installing this Eagle X package. The install went fine and everything appears to be working OK. But I must admit that I have no idea what I'm looking at... I guess it'll be a learning experience. I'll probably run it for a few days to a week and see what happens. The only downside to it seems to be its RAM usage. Snort itself is using 40 MB of RAM, and all items in the package combined use around 71 MB total. Fortunately I have RAM to spare, but for some this wouldn't be a workable solution. No errors or problems so far, though, with the install or operation... Looks very configurable and cool.
K- 70 MB! Why don't you get some junked-out P2 and run Smoothwall or something like that on it? Just build a souped-up Linux gateway. If you can get Snort working, that is quite a trick. Totally not practical on a home PC, but an achievement nonetheless.
Yep, Snort seemed to work fine. I didn't have to do a thing either. The package installed and set everything up completely. It does seem to be for servers, though. I also had Jetico running and began to see weird incoming stuff from my own address to other IPs on port 80 being blocked by JPF. So I'm not sure what the heck I had going there... But it was interesting for a few hours. I reformatted tonight and installed Outpost. I'll probably run that for a while now until the next Jetico comes out...
Since you do so many formats and re-installs, have you heard about Driver Genius Pro from http://www.driver-soft.com/ ?
My goal is to go 6 months on a complete format and windoze install. At about 3 months right now, and not certain it will make it.
I have to admit that I'm a bit fanatic about reformatting.. I do it way more than necessary. I like the feeling of having a clean install and not having to worry about any conflicts caused by previous programs installed, and so on. Just recently I started slowing down and now I plan to just do it only when absolutely necessary. But sometimes a program really invades the system (like this Eagle X thing) and so I want to remove all traces of it by reformatting. Hopefully I'll go several months now without doing it again.
Glad you liked Driver Genius Pro; in case you are a sysadmin who has to install many PCs over the network with different h/w configs, it is a true boon.
Hi all! Kerodo, what you are seeing with all that traffic from your system is Snort looking for either a MySQL or an Apache server. If you turn all that off and place your loopback (127.0.0.1) in the 'whitelist' it should stop doing that. That is a normal response... BTW: I have created two setup docs on how to set up Snort as an IPS/IDS using SnortSam & Snort, without all the overhead, at SSC: For CHX-I: http://www.fluxgfx.com/ssc/showthread.php?t=50 For 8Signs: http://www.fluxgfx.com/ssc/showthread.php?t=29 IMO, it is not necessary to install and utilize Snort if you are not behind a dedicated server. The only reason I use it is to scan and auto-block on my FTP server... But if you like to check what kind of traffic is being seen going through your NIC, please, by all means... CU Jazzie
Thanks for the explanation, Jazzie, and the links. That makes a little more sense now. There were both Apache and MySQL installed. I concluded that it was all a little beyond me and that I probably didn't need it, but it's interesting...