Yup, after the m0n0 is a much smarter way to go. You should also look at Bro IDS http://bro-ids.org/. Very slick, can use snort signatures and can be reactive if necessary. I am (slowly) working on a port of m0n0 which has this in it. Search the mail list 'cause there is a m0n0snort....

Chet Harvey
Pitbull Technologies <http://www.pittech.com/>
Protecting your Digital Assets
703.407.7311

Quoting forums <forums at deleos dot com>:

> Personally I wouldn't run Snort on the firewall. I believe the best
> thing to do if you have the extra hardware is to run Snort
> inline/network based (after the m0n0wall - LAN side). If you run Snort
> before (WAN side) or on the m0n0wall you will probably have too many
> alerts to deal with... eventually leading to frustration and a lack of
> maintenance and tuning of your rules. Having the IDS after the m0n0wall
> will detect any malicious traffic passing through your m0n0wall, as long
> as your rules are up to date - just like virus definitions.
>
> Remember the IDS is just that: a detection system, NOT a prevention
> system.
>
> -Puma
>
> -----Original Message-----
> From: Lew Maggio [mailto:lew at lsfc dot org]
> Sent: Monday, October 25, 2004 12:41 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] snort or IDS
>
> I need to implement an IDS system soon, and I would prefer to use snort
> because it seems to be the most respected and most common. Has someone
> built monowall with snort integrated?