[ previous ] [ next ] [ threads ]
 
 From:  Nick Buraglio <nick at buraglio dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  Dirk Hombrecher <dhombrecher at ifrance dot com>, Chad R.Larson <clarson at eldocomp dot com>
 Subject:  Re: [m0n0wall] snort
 Date:  Wed, 26 Nov 2003 12:11:02 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Spanning to another device is a more accepted way to do it, that 
offloads logging, analyzing and viewing on another box that probably 
has more power and memory.  It's always a good idea to keep your IDS 
apart and even hidden if possible.  Then again, for a small home 
network an all-in-one device sure is convenient.

On Nov 26, 2003, at 11:45 AM, Chad R. Larson wrote:

> At 04:43 PM 11/25/2003, Dirk Hombrecher wrote:
>> is it possible to add into m0n0wall an IDS like SNORT?
>
> You might be able to get close by enabling the remote syslog feature 
> and
> then running some of the log monitoring/analyzing tools on a different
> machine.  SNORT can take a pretty good bite out of your available CPU,
> which would be an issue on embedded systems like the Soekris boxes.
>
> Or else, bridge a third interface to the WAN side and then use an 
> external
> box to SNORT that.
>
>
> -- CONFIDENTIALITY NOTICE --
>
> This message is intended for the sole use of the individual and entity 
> to whom it is addressed, and may contain information that is 
> privileged, confidential and exempt from disclosure under applicable 
> law. If you are not the intended addressee, nor authorized to receive 
> for the intended addressee, you are hereby notified that you may not 
> use, copy, disclose or distribute to anyone the message or any 
> information contained in the message. If you have received this 
> message in error, please immediately advise the sender by reply email, 
> and delete the message. Thank you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
Nick Buraglio
Network and UNIX Ronin
nick at buraglio dot com	
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/xOy6FOm2Sy5bRPQRAmuuAJ0c2DgPNTZoxqCd5t0F81h036l5PACeIyO+
L0KsjVmV5Z/UtWmPf7PWfM4=
=zmbj
-----END PGP SIGNATURE-----