Looking for something like Black Ice

[Linus_Torvalds]

I'd like to find something that I can use to notify my in realtime when unknown IP addresses attempt to make a connection.

There used to be a favorite firewall program called Black Ice that was amazing in its simplicity and useability during my Windows XP days.

I'm looking for more of a security app that has Wireshark packe sniffing capabilities.  Wireshark is only useful if you KNOW what you are looking for.

[netzwerg]

Are you talking about a host-based utility, or something to be deployed in your network?

If host-based, what is your target OS?

[Rainman_34]

The OS hosting your security software is very important as that will determine what recommendations you receive.  Personally I recommended running a Linux machine and using snort.

[gon]

black ice defender is eol - 10 years ago
i just noticed the software at that time because of its neuromancer-/Shadowrun-esque title. fond memories

i also remember that it was a pay-product.

but wasn't black ice just another firewall before the advent of SP2 for winXP?

a little bit of googling gives me the term "firewall with intrusion detection systems"

which leads to https://en.wikipedia.org/wiki/Intrusion_detection_system

where the aforementioned snort is also listed, which is besides the also listed prelude siem the only windows product in the list

Edited October 30, 2016 by gon

[digip]

sure the op didn't mean back orifice? and windows XP, are you from the past sir...The real Linux Torvalds might eat your face for not using Linux.

[Guest]

No, Black Ice is correct, I remember it, too. It was basically an os firewall. But it was extremely configurable. And very, very verbose output and logging. It would give popups like:

port 21 probe from ip address x.x.x.x

Winnuke attack from x.x.x.x

You could then manually choose to whitelist or blacklist this ip.  This was in an era that you got probed twice a day though, not every minute. 

I remember running it on win NT4. Ok that says something about my age  It was very cool, indeed including the neuromancer/Gibson name. I think the reason there is no such firewall now, might be because there's way to much traffic and portscans to be manually reviewed by the user. 

The OP might like to try zonealarm firewall. It has the same configurability and verbose output for outgoing programs and processes. 

[digip]

On 11/2/2016 at 6:15 AM, ɱax said:

No, Black Ice is correct, I remember it, too. It was basically an os firewall. But it was extremely configurable. And very, very verbose output and logging. It would give popups like:

port 21 probe from ip address x.x.x.x

Winnuke attack from x.x.x.x

You could then manually choose to whitelist or blacklist this ip.  This was in an era that you got probed twice a day though, not every minute. 

I remember running it on win NT4. Ok that says something about my age  It was very cool, indeed including the neuromancer/Gibson name. I think the reason there is no such firewall now, might be because there's way to much traffic and portscans to be manually reviewed by the user. 

The OP might like to try zonealarm firewall. It has the same configurability and verbose output for outgoing programs and processes. 

Yeah, it was more a joke and also something from way back in the day. I still remember talking to a kid at staples in the late 90's about this RAT.

https://en.wikipedia.org/wiki/Back_Orifice

Edited November 5, 2016 by digip