 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: m0n0wall + Snort
 Date:  Mon, 20 Jun 2005 15:45:33 -0400

Adriel T. Desautels wrote:
> Actually,
>    In my experience it's not a very good idea to install an IDS on a
> firewall device. Fact of the matter is an IDS device should have as much
> processing power as you can give it to help reduce false positives and false
> negatives (assuming heavy load and a good NIC). Increased usage of the CPU
> from other services, such as firewalls, reduces the amount of cycles that the
> IDS will have and as such reduces its performance. Anyone else feel the same way?

What you think makes sense.  However, for a small business with an idle
firewall like mine, it might be a good idea.  Having a traffic sniffer
that is not on the firewall increases the costs a lot.  You need a
separate machine, a tap or a switch with a mirror port.

> 
> ----- Message from don dot munyak at gmail dot com ---------
>    Date: Mon, 20 Jun 2005 13:54:22 -0400
>    From: Don Munyak <don dot munyak at gmail dot com>
> Reply-To: Don Munyak <don dot munyak at gmail dot com>
> Subject: Re: [m0n0wall] m0n0wall + Snort
>      To: oliver dot kainz at myez dot info
> 
> 
>> I don't want to speak for the development team, but from my time spent
>> on this list server, the goal of m0n0wall is meant to stay lean.
>> M0n0wall is primarily a firewall and it looks like that's how it will
>> stay.
>>
>> - Don
>>
>> On 6/20/05, oliver dot kainz at myez dot info <oliver dot kainz at myez dot info> wrote:
>>
>>> Hi,
>>>
>>> is there a plan to implement Snort as an NIDS into the m0n0wall in
>>> the future??
>>>
>>> BR
>>>
>>> Oliver