Martin,

I know SmoothWALL has a built-in IDS, I think it's snort. If you're looking for an easy to set up IDS, you might look at that. Although, I think I agree with Manuel about disliking the idea of IDS. It's a good idea, but it seems like a replacement for making sure your firewall rules and services are all locked down tightly.

I ran snort on Debian for a short while, and it never seemed to suck up much CPU time at all. However, given that m0n0wall can run with a very minuscule amount of storage, the log space might be an issue for some people.

Personally, I would also be interested to see the other two features you asked for to be implemented. :-)

-----Original Message-----
From: Martin Holst [mailto:mail at martinh dot dk]
Sent: Saturday, November 29, 2003 6:33 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] RE: Minor typo on DHCP-page?

OK. Good points ;o)
Thanks for the quick response.
Any chance for the other two suggestions?

As for IDS; I've followed the discussions about SNORT. I don't have any programming skills (or BSD experience for that matter). So I'll wait and see if anyone can successfully implement it without too much of a performance hit.

Since SNORT logs should go to another PC anyway, Chad's suggestion about running it off m0n0wall and just sniffing an interface bridged to WAN might be the most effective solution. Has anyone tried this solution?

/Martin

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Subject: Re: [m0n0wall] Minor typo on DHCP-page?

On 29.11.2003, at 11:53, Martin Holst wrote:

> It looks like you forgot to correct the default and max lease times on the
> DHCP-page, when you increased them in pb20.
> (Still says that default lease is 600 and max is 7200)

Whoops... Fixed now. :) Thanks!

> I know you are busy but I have to ask: Any chance of IDS being implemented
> in the near future?
> I am sure that IDS is an important feature to a lot of people.

Mmmh I'm one of those people who believe that IDS isn't something that should be implemented in m0n0wall for these reasons:

- it would bloat the system
- not sure if IDS on the firewall itself is a good idea
- not sure if embedded platforms like the net45xx would even be able to handle the load well
- no persistent storage
- I personally dislike the idea of IDS

So I don't think we'll see IDS in m0n0wall (at least the official image) anytime soon, sorry.

- Manuel

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch