Adriel T. Desautels wrote:
> In my experience it's not a very good idea to install an IDS on a
> device. Fact of the matter is an IDS device should have as much processing
> power as you can give it to help reduce false positives and false negatives
> (assuming heavy load and a good NIC). Increased usage of the CPU from other
> services, such as firewalls, reduces the amount of cycles that the IDS
> will have and as such reduces its performance. Anyone else feel the same way?
What you think makes sense. However, for a small business with an idle
firewall like mine, it might be a good idea. Having a traffic sniffer
that is not on the firewall increases the costs a lot. You need a
separate machine, a tap or a switch with a mirror port.
> ----- Message from don dot munyak at gmail dot com ---------
> Date: Mon, 20 Jun 2005 13:54:22 -0400
> From: Don Munyak <don dot munyak at gmail dot com>
> Reply-To: Don Munyak <don dot munyak at gmail dot com>
> Subject: Re: [m0n0wall] m0n0wall + Snort
> To: oliver dot kainz at myez dot info
>> I don't want to speak for the development team, but from my time spent
>> on this list server, the goal of m0n0wall is meant to stay lean.
>> M0n0wall is primarily a firewall and it looks like that's how it will
>> - Don
>> On 6/20/05, oliver dot kainz at myez dot info <oliver dot kainz at myez dot info> wrote:
>>> Is there a plan to implement Snort as an NIDS into the m0n0wall in
>>> the future??