HenWen
HenWen 2.1.2
Your rating: Now say why...

(4) 4.75

Network security package runs Snort.   Free
Add to my Watch List
Email me when discounted
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary.

A NIDS has a number of practical uses on a network. For people that use Mac OS X Server or otherwise provide network services with their Macs, a NIDS will inform the administrator that someone from a
What's New
Version 2.1.2:
  • Restored compatibility with Mac OS X 10.2.x.
  • Fixed a problem which made it impossible to edit variables and rules under Mac OS X 10.4.x.
  • The "Launch Snort as a startup item" menu item works again under Mac OS X 10.4.x.
Requirements
PPC, Mac OS X 10.2 or later







  • Mocha
    +2

  • Snort
    +1
HenWen User Discussion (Write a Review)
ver. 2.x:
(4)
Your rating: Now say why...
Overall:
(5)

sort: smiles | time
burypromote
+2

+1

Name reviewed on 13 May 2006
This is the best firewall, intrusion detection and handling as well as notification and logging tool for the Mac OS X. It has more features and more flexible features as NetBarrier from Intego software. It is free and based on a strong development behind Snort, it uses rules update feature, database logging, notification system, menubar item for quick access, and this is now very important: A 73 pages documentation with great explanations in every cases written in a non-geeky language. This my indispensable security solution for my internet and network activity.

I can only strongly encourage to use this system, I my self am a developer, and traditional Macintosh user since Mac OS 7.

This tremendous work beats all commercial products with it's community and software development as well as support. It should win the Apple Design Award.
[Version 2.1.2]


burypromote
-5


Anonymous reviewed on 25 Apr 2005
GEEZ,
If I wanted all this garbage taking up valuable recources I would switch back to my full of security holes M$ XP machine which had AV ASW ATW ACB HOST FW DFW Cleaner DASW running which a hem never fixed corrected or really protected me any of those issues. Get real!
[Version 2.1.1]

3 Replies

burypromote
+1
Anonymous commented on 27 Apr 2005
So, umm... have you actually tried to use this and see if it will work (and how much it might or might not bog down your system)... or are you just complaining because your Windows setup didn't work the way you wanted it to work?
burypromote
+2
Anonymous commented on 20 Jun 2005
Obviously you haven't a clue what this is for. If you run your own server and don't want to shell out big bucks, Snort is a very potent intrusion detection system (you DO know HenWen is a front end for Snort, right? You DO know that Snort is a cross platform tool that this developer has kindly made a simple (i.e. something even a clueless individual... ahem... could configure) interface to, right?).

You will probably never have any issues a la intrusion but Snort exists to give web admins peace of mind (as well as a tool to track those bad guys who DO try to screw with you).
burypromote
+1
Anonymous commented on 04 Oct 2005
Silly grownups, NIDS is for KIDS! Morons need not apply.
burypromote


Anonymous reviewed on 30 Dec 2003
I can't seem to get letterstick to open in 10.3.2. I get a message saying error2 'either you're not logged in as administrator or you don't have NIDS running'. How do I know if NIDS 'SNORT' is running? When in HENWEN, I click in the menu bar to run NIDS. It comes back and says successful. What can I be doing wrong?
[Version 2.0.4]

1 Reply

burypromote
Anonymous commented on 15 Jul 2005
You might try opening a terminal and do a ps -aux |grep snort or just type "top" and look for the process.
burypromote


Anonymous reviewed on 07 Oct 2003
Thanx anon for the answers to most of my questions. Thanks for the tip on nMapFE - very cool tool. I'm not in the expert league and did not find the snort documentation that easy to understand - especially configuring the "network" tab - thats MY problem ofcourse!

Anyway - I am on an Airport network with an IP like 10.0.1.20. Having setup Henwen(and letterstick) to run on en1 (would not accept en0,en1) - I tried to use nMapFE on that IP - but got no alerts! Can I not run the scan from the same computer?
Thanks!
[Version 2.0.1]


burypromote


Anonymous reviewed on 02 Oct 2003
alexmathew:

1. quitting HenWen does _not_ stop Snort. you can start/stop it from within HenWen, though

2. the logs are placed in /var/logs/snort/

3. that's ok. if there haven't been alerts, there isn't an alert log :)

4. you can use a port scanner/sniffer like NmapFE on your own IP

5. en0 is your primary ethernet card (built-in ethernet). if you use airport to connect to the internet, you must configure HenWen to en1 (typically), for modem ppp0 .... etc.

Also: To have LetterStick alert you, you must configure snort output to 'Log alerts to a Unix socket'

RTFM! - You should really read the (excellent!) documentation :)
[Version 2.0.1]


burypromote


Anonymous reviewed on 30 Sep 2003
The interface (and price) looks good.
However:
1. When I quit HenWen, is NDIS and Snort still running?
2. Where are the logs placed? How can I see it from within HenWen?
3. With LetterStick installed, I still cannot see Snorts Alert Log (I have had no alerts) - it opens a terminal, asks for my password and then nothing. Is this OK?
4. How can I test HenWen ?
5. I get these messages in console - is this Ok or is there a problem?:

OpenPcap() device en0 network lookup: en0: no IPv4 address assigned

HenWen[1854] *** -[NSCFArray objectAtIndex:]: index (-1) beyond bounds (2)

Any information is appreciated.
[Version 2.0.1]


burypromote
+1


Anonymous reviewed on 26 Sep 2003
A very well designed front end of Snort and more!

A full-fledged Intrusion Detection System which is easy to use and highly configurable.

And it is free for personal use!

The LetterStick application is a great addition, although the colorful icon is a bit disturbing in the menu bar. Still better than having it in the dock, though :)

Maybe a black&white option, soon?

Also, it would be nice if there was an installer for the log rotation feature.
[Version 2.0]


burypromote


Anonymous reviewed on 07 Aug 2003
one of the best icons for an app i have seen!

oh. cool app too :)
[Version 2.0]


burypromote


Anonymous reviewed on 23 Apr 2003
Awsume GUI to snort!
[Version 2.0]


burypromote


Anonymous reviewed on 21 Jun 2002
A must-have package for every mac serving on the internet, an even users with permanent connections. Easy to use and understand. Includes the snort inside, along the rules, manuals, etc... an all in one package for detection of network intrussions.
[Version 1.0.1]


burypromote
Thomas Dyhr had trouble on 13 Nov 2003
Henwen 2.0.2 crashed on 2 different Mac OS 10.2.8, so I unfortunately had to revert to 2.0!
[Version 2.0.2]

1 Reply

burypromote
Anonymous commented on 16 Nov 2003
Here follows the trick I applied to make HenWen work on Mac OS X 2.0.8.

The snort binary (HenWen.app/Contents/MacOS) that comes with HenWen 2.0.3 is targeted for Panthor. I replaced the snort binary with the one that I built myself (download the source; ./configure; make and you find a new binary under the src directory).

One trick is to disable the "Perform security checks on executables and scripts" check that you find in HenWen preference panel.
There are currently no ratings. Write a comment or review now.

Downloads:19,024
Version Downloads:7,429
Type:Utilities : Security
License:Free
Date:20 Jun 2005
Platform:PPC 32 / OS X
Price:Free0.00
Overall (Version 2.x):
Features:
Ease of Use:
Value:
Stability:
Displaying 1-10 of 10
Displaying 1-1 of 1
-
-
-
Please login or create a new
MacUpdate Member account
to use this feature
Watch Lists are available to
MacUpdate Desktop Members
Upgrade Now
Install with MacUpdate Desktop.
Save time moving files & cleaning
up space wasting archives.
HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System (NIDS). HenWen's goal is to simplify setting up and maintaining software that will scan network traffic for undesirable traffic a firewall may not block. Everything you need to have is bundled in; there is no compiling or command line use necessary.

A NIDS has a number of practical uses on a network. For people that use Mac OS X Server or otherwise provide network services with their Macs, a NIDS will inform the administrator that someone from a specific place on the network is trying to scan the server for possible vulnerabilities, or try to compromise security. A NIDS can also scan the network for bad TCP or ICMP traffic, or traffic that suggests someone on the network (or the local computer) is trying to do something that the network administrator does not want them doing (ie. trading pirated software or using software they're not supposed to be using). While a NIDS is mainly used by network administrators, a NIDS is also a useful thing for home users to have as well, especially for home users who are always connected to the Internet and/or have a home network installed.


- -