 From:  Chet Harvey <chet at pittech dot com>
 To:  forums <forums at deleos dot com>
 Cc:  Lew Maggio <lew at lsfc dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] snort or IDS
 Date:  Mon, 25 Oct 2004 03:21:51 -0400
Yup, after the m0n0 is a much smarter way to go.

You should also look at Bro IDS http://bro-ids.org/. Very slick, can use snort 
signatures and can be reactive if necessary. I am (slowly) working on a port 
of m0n0 which has this in it.

Search the mail list 'cause there is a m0n0snort....

Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311


Quoting forums <forums at deleos dot com>:

> Personally I wouldn't run Snort on the firewall.  I believe the best
> thing to do if you have the extra hardware is to run Snort
> inline/network based (after the m0n0wall - LAN side). If you run Snort
> before (WAN side) or on the m0n0wall, you will probably have too many
> alerts to deal with...eventually leading to frustration and a lack of
> maintenance and tuning of your rules.  Having the IDS after the m0n0wall
> will detect any malicious traffic passing through your m0n0wall, as long
> as your rules are up to date - just like virus definitions.
> 
> Remember, the IDS is just that: a detection system, NOT a prevention
> system.
> 
> -Puma
> 
> -----Original Message-----
> From: Lew Maggio [mailto:lew at lsfc dot org] 
> Sent: Monday, October 25, 2004 12:41 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] snort or IDS
> 
> I need to implement an IDS system soon, and I would prefer to use snort
> because it seems to be the most respected and most common.  Has someone
> built m0n0wall with snort integrated?