Tuesday, December 7, 2010

IronGeek's DecaffeinatID

Well, I've been playing around a bit with a Windows VM that acts as a Honeypot/IDS for my network, which I can remotely monitor with my Archos7 via VNC. One of the apps I've come across is "DecaffeinatID", which is a very simple IDS/ARP Watcher. I've never heard of it before and found it quite a nice addition to my arsenal, so I figured I would spread the info. Here's a little bit of info about it, taken from IronGeek.

This project started because I (IronGeek) wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/LAN are up to the kind of "reindeer games" that often happen at coffee shops and hacker cons. It's not meant to be a replacement for something more feature rich (but complicated) like Snort. DecaffeinatID watches the Windows logs for three main things and pops up a message in the Windows Systray when it sees any of the following:

New or changed ARP table entries
Think of this as a poor man's ARPWatch for Windows. The IDS gives a special alert whenever it sees the MAC address of the IP gateway change.

New events in security log
This will let you know about attempted and successful logins, assuming you have set up auditing for such things in your local security settings.

New events in the firewall log
DecaffeinatID will read your Windows firewall log (if you have one) and list events.
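
To make the ARP-watching idea above concrete, here is an added example (not DecaffeinatID's own code and not from IronGeek) that diffs two snapshots of Windows `arp -a` output and raises a special alert when the gateway's MAC changes. The function names, severity labels and sample tables are assumptions made up for the illustration.

```python
import re

# One entry line of Windows `arp -a` output: IP address, MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries; static ones (broadcast,
    multicast, manually pinned) are not learned from the network."""
    return {ip: mac.lower() for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def diff_arp(before, after, gateway_ip):
    """Compare two snapshots and return a list of (severity, message)."""
    alerts = []
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old is None:
            alerts.append(("info", f"new entry {ip} -> {mac}"))
        elif old != mac:
            msg = f"{ip} changed {old} -> {mac}"
            # A changed MAC that another IP already uses suggests one host
            # is answering for both addresses.
            shared = [o for o, m in sorted(after.items()) if m == mac and o != ip]
            if shared:
                msg += f" (same MAC as {', '.join(shared)})"
            if ip == gateway_ip:
                alerts.append(("critical", "gateway " + msg))
            else:
                alerts.append(("warning", msg))
    return alerts

# Constructed sample snapshots (not real captures).
BEFORE = """
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
AFTER = BEFORE.replace("00-11-22-33-44-55", "66-77-88-99-AA-BB") + \
    "  192.168.1.30          de-ad-be-ef-00-01     dynamic\n"

if __name__ == "__main__":
    for severity, message in diff_arp(parse_arp_table(BEFORE),
                                      parse_arp_table(AFTER), "192.168.1.1"):
        print(f"[{severity}] {message}")
```

In the constructed data the gateway's MAC becomes the one already held by 192.168.1.20, so the gateway alert also names that host as the place to start looking.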


You can find more info here

