Virginia Tech DShield
Distributed Intrusion Detection System

 

 
   

Windows Clients

 
   

These programs let you configure your computer to send your firewall log submissions to DShield automatically, with no manual intervention on your part.

  • DShield Universal Firewall Client: a Windows client program that supports:

    • Asante FriendlyNET, D-Link and SMC routers using RouterLog (See Kiwi section for newer Asante and D-Link routers)
    • BlackIce PC Protection (formerly BlackIce Defender)
    • Kerio (formerly Tiny) Personal Firewall
    • Kerio (formerly Tiny) Software WinRoute Pro
    • Kiwi Syslog Daemon
      • Asante FriendlyNet VR2004AC, VR2004C
      • Cisco ACL/IOS
      • Cisco PIX
      • D-Link DI-804V
      • Linksys Router
      • Smoothwall
      • WatchGuard
    • Linksys Etherfast Cable/DSL Router
    • Microsoft ISA
    • McAfee Firewall
    • Norton Personal Firewall
    • Sygate Personal Firewall
    • Tiny Personal Firewall 4.0
    • Vicom Internet Gateway
    • VisNetic (formerly Ambra) Firewall
    • WatchGuard Firebox (using Kiwi Syslog Daemon)
    • Windows XP Internet Connection Firewall (ICF)
    • ZoneAlarm

    Latest version:  1.1.2 November 18, 2003 03:04 pm EST   CVTWIN Changelog

    Download either

    or

Third Party Programs that Submit Firewall Logs to DShield

  • Cisco PIX firewall. Client to submit Cisco PIX firewall logs. Download win32pix.zip (November 18, 2003 03:15 pm EST) and unzip it. Further instructions can be found in README.TXT after unzipping the file.

  • DIDSyslog is a Windows console daemon that intercepts Sonicwall syslog messages and can then submit them to DShield. Download DIDSyslog-v0.8.7.zip. (November 18, 2003 03:05 pm EST) View the DIDSyslog README file.

  • Link Logger now supports submitting to DShield. Link Logger users can download the DShieldUp module from here. Link Logger supports Linksys, Prestige/Netgear, and ZyXel ZyWall routers.

  • US Robotics 8000 Broadband Router. Client to submit logs that are produced by this router. Download usrobotics.zip (November 18, 2003 03:15 pm EST) and unzip it. Further instructions can be found in README.TXT after unzipping the file.

  • VisualZone Report Utility. It "is an intrusion analyser and report utility for ZoneAlarm and ZoneAlarm Pro." VisualZone has integrated support for DShield log submission.

  • WallWatcher: Linksys router users might be interested in using the WallWatcher log viewer. WallWatcher has its own DShield submission module, so you don't need a separate client.

  • WatchGuard users have three choices. You can use our CVTWIN, above, or you can use Peter Feltham's AWK client, or you can use Hans Sandsdalen's Perl script that was based on Peter's AWK client. The CVTWIN solution can be "set and forget." More info.

    But the AWK and Perl scripts can work either on *NIX or Windows. Perl and AWK are usually already installed on *NIX systems. You can get Perl for Windows from either CYGWIN or from ActiveState. Peter's client includes instructions for obtaining and installing AWK for Windows.

    • Peter Feltham's AWK client that converts WatchGuard Firebox log files into DShield format and mails them to DShield. Download firebox.zip (November 18, 2003 03:07 pm EST), unzip it, and read AWKsystem-readme.txt for instructions.

    • Hans Sandsdalen's Perl client that converts WatchGuard Firebox log files into DShield format and mails them to DShield. Download WG-Dshield.pl (November 18, 2003 03:15 pm EST). Instructions are included for configuring a *NIX cron job. You probably can do the same thing with the Windows Task Manager.

  • ZoneLog: ZoneAlarm users can use ZoneLog to analyze their logs. ZoneLog has DShield submission support built in.

Set Your Time

It is important for logging purposes that the clock on your machine be set as accurately as possible. ISPs need accurate time information in log lines that are sent as abuse reports so that they can identify exactly when a suspected attacker was logged in.

  1. Configure your machine. Check your machine to see that its time settings are configured properly. Open Control Panel -> Date/Time.

    Windows time/date configuration dialog

    In particular, make sure that Time Zone and the daylight savings settings are configured correctly for your locale.

  2. Set your clock. Use a time setting utility to synchronize your machine's clock with an external time server. I've had good luck with AboutTime, which is available from here. Use AboutTime's docs to configure it. To maintain your clock's accuracy, configure AboutTime to run from the taskbar and to periodically set the time.

    Configure AboutTime

    Put AboutTime in your Startup folder so it will be loaded when you boot. The AboutTime icon should appear in your System Tray.

  3. Synchronize to DShield (optional). For maximum accuracy, use this special page to synchronize your machine's clock to DShield's clock. This page will leave a 'mark' in your firewall log, which will be used to test your clock later as you submit the log. Important: Only access this page from your firewall machine. Click here to sync your log. (You only need to do this right after you have configured and set your clock. You don't need to do this every day.)
 
 


  last update: 23/Nov/2009 10:51
DShield is a Servicemark of Euclidian Consulting