Windows Clients

These programs will allow you to configure your computer to automatically send your firewall log submissions to DShield automatically, with no manual intervention on your part.

• DShield Universal Firewall Client A Windows client program that supports
  • 8Signs Firewall
  • Agnitum Outpost
  • AnalogX PortBlocker
  • Asante FriendlyNET, D-Link, U.S. Robotics, and SMC routers using RouterLog (See Kiwi section for newer Asante and D-Link routers)
  • BlackIce PC Protection (formerly BlackIce Defender)
  • eSoft Instagate Firewall
  • Kerio (formerly Tiny) Personal Firewall
  • Kerio (formerly Tiny) Software WinRoute Pro
  • Routers and Firewalls using Kiwi Syslog Daemon
    • Asante FriendlyNet VR2004AC, VR2004C
    • Billion
    • Bintec
    • Buffalo
    • Checkpoint VPN-1 Edge
    • Cisco ACL/IOS
    • Cisco PIX
    • Clavister Firewall
    • D-Link Router
    • Fortigate
    • Gentek Router
    • IPChains
    • IPTables
    • Linksys Router
    • Level One
    • Netgear Router
    • Netscreen
    • Netopia Router
    • SMC Router
    • Smoothwall
    • Sonicwall
    • WatchGuard
    • Zyxel XyWall Router
  • Linksys Etherfast Cable/DSL Router
  • Microsoft ISA
  • McAfee Firewall
  • Norton Personal Firewall
  • Snort
  • Sygate Personal Firewall
  • Symantec VelociRaptor Firewall
  • Tiny Personal Firewall 4.0
  • Vicom Internet Gateway
  • VisNetic (formerly Ambra) Firewall
  • Watchguard Firebox (using Kiwi Syslog Daemon)
  • Wingate Proxy Server
  • Windows XP Internet Connection Firewall (ICF)
  • ZoneAlarm

  Latest version:  2.0.22 November 18, 2009 08:17 pm UTC   CVTWIN Changelog

  Download either
  

  CVTWIN-SETUP.EXE (2.2 megabytes) Complete install if you have never installed CVTWIN.
  MD5SUM: 79c279f429124f2c720213085db02175 cvtwin-setup.exe
  Installation instructions.
  
  or
  CVTWIN-UPDATE.ZIP (333 kilobytes) if you already have CVTWIN installed.
  MD5SUM: 86c92e690848ce24473b9f53e5d3930e cvtwin-update.zip
  Update instructions.
  

  But Set your computer's time before you go any farther.

  CVTWIN Documentation

  How to configure specfic firewalls/routers to work with CVTWIN

  Warning! People have been reporting problems with incomplete downloads when downloading with Internet Explorer. Use md5sum to verify that your download is complete. Alternately, try using another browser, such as Mozilla Firefox.

  CVTWIN-SETUP.EXE is currently about 2.2 megabytes in size. If Internet Explorer reports a download size of 100-200 kilobytes, you know that you have a problem.

  If you have problems downloading no matter what browser you are using, try clearing your browser's cache.

• Cisco PIX firewall. Client to submit Cisco PIX firewall logs. Download win32pix.zip (January 11, 2007 02:25 am UTC) and unzip it. Further instructions can be found in README.TXT after unzipping the file.

• DIDSyslog is a Windows console daemon that intercepts Sonicwall syslog messages and can then submit them to DShield. Get it from here. View the DIDSyslog-README.txt file.

• Link Logger now supports submitting to DShield. Link Logger users can download the DShieldUp module from here. Link Logger supports Linksys, Prestige/Netgear, and ZyXel ZyWall routers

• US Robotics 8000 Broadband Router. Client to submit logs that are produced by this router. Download usrobotics.zip (January 11, 2007 02:25 am UTC) and unzip it. Further instructions can be found in README.TXT after unzipping the file.

• VisualZone Report Utility. It "is an intrusion analyser and report utility for ZoneAlarm and ZoneAlarm Pro." VisualZone has integrated support for DShield log submission.

• The WallWatcher log viewer supports
  
  2Wire 1800HW (apparently, all 2Wire routers look like this)
  Cisco PIX
  D-Link DFL-80, DI-804HV
  IPTables (generic to all routers that use it)
  Linksys (most of the ones that support external logging)
  Netgear FR114P
  Netscreen 5GT
  Zyxel P334
  

  And maybe similar routers, too. (Updated July 15, 2004) WallWatcher has its own DShield submission module, so you don't need a separate client.

• Watchguard users have three choices. You can use our CVTWIN, above, or you can use Peter Faltham's AWK client, or you can use Hans Sandsdalen's Perl script that was based on Peter's AWK client. The CVTWIN solution can be "set and forget" More info.

  But the AWK and Perl scripts can work either on *NIX or Windows. Perl and AWK are usually already installed on *NIX systems. You can get Perl for Windows from either CYGWIN or from ActiveState. Peter's client includes instructions for obtaining and installing AWK for Windows.

  • Peter Feltham's AWK client that converts WatchGuard Firebox log files into DShield format and mails them to DShield. Download firebox.zip (January 11, 2007 02:25 am UTC) , unZip, and read AWKsystem-readme.txt for instructions.

  • Hans Sandsdalen's Perl client that converts WatchGuard Firebox log files into DShield format and mails them to DShield. Download WG-Dshield.pl (January 08, 2007 01:19 am UTC) Instructions are included for configuring for a *NIX cron job. You probably can do the same thing with Window's Task Manager.

• ZoneLog ZoneAlarm users can use ZoneLog to analyze their logs. ZoneLog has DShield submission support built in.

Set Your Time

It is important for logging purposes that the clock on your machine be set as accurately as possible. ISPs need accurate time information in log lines that are sent as abuse reports so that they can identify exactly when a suspected attacker was logged in.

Configure your machine Check your machine to see that its time settings are configured properly.

Windows XP

Open Control Panel -> Date/Time



This much is easy enough. Do a sanity check to make sure it looks OK.

Now make sure that the Time Zone is set correctly



The Time Zone is an offset from Greenwich Mean Time. The offset is the amount of time that needs to be added (or subtracted) from your local time to equal GMT.

One area of possible confusion is that Windows considers the time zone offset to be the same the year around and then internally compensates for Daylight Savings Time. GMT never changes for Daylight Savings Time. So Eastern time (shown) in Windows shows -05:00 as the offset all year long. But our logs use the actual TZ offset. So, for Eastern time, our logs will show the TZ as '-04:00' when you are in Daylight Savings Time and will show it as '-05:00' for Standard Time.

Please verify that this is working correctly and that the time and time zone information in the logs you send is correct.

Automatically setting your time. Windows XP can automatically syncronize your computer's time with an external time server.



Make sure that "Automatically syncronize with an Internet time server" is checked. The drop down box allows you to choose from several time servers. If one doesn't work, then try another. Test this by clicking on the "Update Now" button. It should access the time server and reset your clock to match.

Then it will automatically do this time syncronization so you don't need to worry about this.

Synchronize to DShield For maximum accuracy use this special page to synchronize your machine's clock to DShield's clock. This page will leave a 'mark' in your firewall log which will be used to test your clock later as you submit the log. Important: Only access this page from your firewall machine. Click here to sync your log. (You only need to do this right after you have configured and set your clock. You don't need to do this every day.)

Windows 98, ME, NT, 2000

Open Control Panel -> Date/Time



This much is easy enough. Do a sanity check to make sure it looks OK.

Now make sure that the Time Zone is set correctly



The Time Zone is an offset from Greenwich Mean Time. The offset is the amount of time that needs to be added (or subtracted) from your local time to equal GMT.

One area of possible confusion is that Windows considers the time zone offset to be the same the year around and then internally compensates for Daylight Savings Time. GMT never changes for Daylight Savings Time. So Eastern time (shown) in Windows shows -05:00 as the offset all year long. But our logs use the actual TZ offset. So, for Eastern time, our logs will show the TZ as '-04:00' when you are in Daylight Savings Time and will show it as '-05:00' for Standard Time.

Please verify that this is working correctly and that the time and time zone information in the logs you send is correct.

• Set your clock Your version of Windows doesn't have a built in program to syncronize your time with an external time standard, so you need to get a time setting utility to syncronize your machine's clock with an external time server. I've had good luck with AboutTime, which is available from here. Use AboutTime's docs to configure it. To maintain your clock's accuracy, configure AboutTime to run from the taskbar and to periodically set the time.

  

  Put AboutTime in your Startup folder so it will be loaded when you boot. The AboutTime icon should appear in your System Tray.

  Synchronize to DShield For maximum accuracy use this special page to synchronize your machine's clock to DShield's clock. This page will leave a 'mark' in your firewall log which will be used to test your clock later as you submit the log. Important: Only access this page from your firewall machine. Click here to sync your log. (You only need to do this right after you have configured and set your clock. You don't need to do this every day.)