[ previous ] [ next ] [ threads ]
 
 From:  "Alagu Sankar" <alaguv at realnetsi dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  [m0n0wall] 16 MB RAM
 Date:  Wed, 22 Oct 2003 13:16:22 -0700 
I am trying to use m0n0wall generic PC version on an x86 based hardware with
only 16MB RAM and 8MB CF.  I am getting some Page Fault (trap 12) as soon as
the kernel boots up.  Just wondering if anybody has used it with similar
configuration.  FYI i am using the rootfs-pb18r522.tar.gz as a base root
filesystem and building my own kernel image based on FreeBSD 4.8 RELEASE.
m0n0wall hackers guide has been of great help in building my own image. Now
i have a standard PC for PXE boot and a target platform for CF boot.

Sankar

----- Original Message -----
From: "Tracy Phillips" <tracy dot phillips at weberize dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, October 22, 2003 9:15 AM
Subject: [m0n0wall] PorSentry Feedback


Hi,



I would like to know what the list would think about implementing portsentry
into m0n0wall?



http://www.freebsddiary.org/portsentry.php



Psionic was purchased by Cisco so the link referenced in the article above
will lead you to Cisco.



This is from the readme of portsentry:



PortSentry is part of the Abacus Project suite of tools. The Abacus

Project is an initiative to release low-maintenance, generic, and reliable

host based intrusion detection software to the Internet community. More

information can be obtained from http://www.psionic.com.



PortSentry has a number of options to detect port scans, when it finds one
it

can react in the following ways:



            - A log indicating the incident is made via syslog()

            - The target host is automatically dropped into /etc/hosts.deny

              for TCP Wrappers

            - The local host is automatically re-configured to route all

              traffic to the target to a dead host to make the target system

              disappear.

            - The local host is automatically re-configured to drop all

              packets from the target via a local packet filter.





The purpose of this is to give an admin a heads up that their host is

being probed. There are similar programs that do this already (klaxon,

etc.) We have added a little twist to the whole idea (auto-blocking), plus

extensive support for stealth scan detection.



--



I think this would be a great tool to be implemented on a firewall
(obviously Cisco does as well). It's a fairly lightweight program so it
should not take up much room.



I would like to get some feedback on the subject





Tracy Phillips