|
||||||||||
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Spanning to another device is a more accepted way to do it, that offloads logging, analyzing and viewing on another box that probably has more power and memory. It's always a good idea to keep your IDS apart and even hidden if possible. Then again, for a small home network an all-in-one device sure is convenient. On Nov 26, 2003, at 11:45 AM, Chad R. Larson wrote: > At 04:43 PM 11/25/2003, Dirk Hombrecher wrote: >> is it possible to add into m0n0wall an IDS like SNORT? > > You might be able to get close by enabling the remote syslog feature > and > then running some of the log monitoring/analyzing tools on a different > machine. SNORT can take a pretty good bite out of your available CPU, > which would be an issue on embedded systems like the Soekris boxes. > > Or else, bridge a third interface to the WAN side and then use an > external > box to SNORT that. > > > -- CONFIDENTIALITY NOTICE -- > > This message is intended for the sole use of the individual and entity > to whom it is addressed, and may contain information that is > privileged, confidential and exempt from disclosure under applicable > law. If you are not the intended addressee, nor authorized to receive > for the intended addressee, you are hereby notified that you may not > use, copy, disclose or distribute to anyone the message or any > information contained in the message. If you have received this > message in error, please immediately advise the sender by reply email, > and delete the message. Thank you. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch > > Nick Buraglio Network and UNIX Ronin nick at buraglio dot com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/xOy6FOm2Sy5bRPQRAmuuAJ0c2DgPNTZoxqCd5t0F81h036l5PACeIyO+ L0KsjVmV5Z/UtWmPf7PWfM4= =zmbj -----END PGP SIGNATURE----- |