Black Ice 3.6

Yes, I did try EagleX here myself. It installed and seemed to work fine, but was a little confusing to me since I know basically nothing about snort. Seemed like it was meant for use on servers(?) or maybe it turned my machine into a server(?) At any rate, it did appear to set up with a minimum of hassle. It's worth a look. I still have it here myself..

Regarding Tiny, yes, to set it up well it takes some time and patience. More than I have. But it's interesting to fiddle with if you're in the mood... and has some great features as well.

 

Do you have any idea what the problem here could be?

http://img122.exs.cx/img122/4873/config6qm.jpg

 

Sorry, no idea.. most of the stuff involved was beyond me. I decided that if I didn't understand it, then I didn't need it..

Maybe someone else here can help out though...

 

Both snort and idscenter have network access so it seems it's working but I have no way to see it working. I'll keep trying.

 

Previous thread on EagleX (a little bit anyway)...

https://www.wilderssecurity.com/showthread.php?t=68750

 

wow, i'm seeing nowhere near the mem usage you were. Snort is only 6mb and IDScenter is at 12mb (with gui displayed)

 

That's amazing.. Snort was really sucking up the ram on my machine. I'm running Win2k here, not XP, so maybe that makes a difference somehow. I just installed with all the defaults and checked ram usage and it all totalled around 70 mb. Very high...

Good that it's low on yours though.

 

Yet i'm still unable to address the config problem. I may just go back to two firewalls then. I want an easier IDS! I noticed that I can run BI's app control (radapp) without running BI. I wish I could do the same with the IDS component.
There's going to be some even nastier stuff coming up and I want to be geared up.

 

That's interesting.. BI's app control with CHX-I might be a good combo.. No IDS there though...

While you're experimenting, you should probably take a look at Tiny 6.5 Pro, just so you can say you've seen it.

 

Well, I already have PG so..... I really like Outpost (now that i'm used to it) so the only security app "missing" is IDS.

 

Check this thread:

https://www.wilderssecurity.com/showthread.php?t=57655&highlight=list free

Halfway down the list there's several IDSs and Snort related stuff. From around #29 onward...

 

You just have to ask yourself if it is something you really need in addition to those two?

Regards,

CrazyM

 

Well, I know it's not but all this is fun. I enjoy experimenting. The "F11" (true image) button can take me back to normal if need be.

 

Not that anyone around here is into tinkering

Regards,

CrazyM

 

Black Ice can be used in conjunction with Kerio 2.15 ? or Kerio alone is enuff..Kerodo or any other have tried the combo yet?

 

No idea... just using BI alone here...

 

I think i'll continue with the BI/Outpost combo for now as Outpost is not capable of picking up these red alerts this morning as BI did:

http://img103.exs.cx/img103/4171/red6fq.jpg

 

I have Realsecure Desktop installed and it doesn't seem to alert me when certian apps want to access the Internet. I saw that AnyDVD was updating, RSD didn't ask me if it could.

 

Neither will using Blackice alone. BI will take a baseline of all your present apps and allow network access (I think) which is why i'm using Outpost/BI combo.

 

Is there much point using BI with Sygate then?

 

I don't know. It depends on compatibility with SygaTe and what you want. So far, it's the only Ids I've been able to get to work.
Take a look at this. General firewalls do not detect intruders(?) to this extent (as far as I know) I have allowed port 4662 yet Black Ice detected "Queso scan" - whatever that is (I imagine a higher level scanner - enough to raise flags in BI to block), and blocked it regardless of port settings - something Outpost won't do (I think)



http://img188.exs.cx/img188/9789/scan8rh.jpg


Edit-

 

very good post guys. I just had to give BlackICE a go (after reading the thread mainly because of BI's Intruder/sion Detection). Could not find any other post where anyone tried Blackice with look'n'stop running, so I've decided to give it a go. I have not enabled application protection feature as I have ProcessGuard. So far no conflicts but I will post if there are.

Just one question though under the history tab in network traffic there seems to be nothing happening when I am online, is this ok? I have not changed any settings.

 

Sorry I can't help. I can only provide a screenshot of mine showing settings..er..setting.

http://img14.echo.cx/img14/787/wfm9yq.png

 

would appreciate it thanks

 

black ice updated. Here's the short list: