Daniele Guazzoni wrote:
> So what...
> In this case is "protecting the internet from user attacks".
> And protecting the state table of m0n0wall :-)
I completely agree with your answer about the IDS/IPS save for one small
fact. The hosts within the network cannot be relied upon to remain
static. In a hotel it is likely the hosts will change, and that IP will
be given to another guest. In that instance, the guest will be blocked
out for no reason. This is more of an open gateway rather than a
structured corporate network, and given this, a solution needs to be
tailored around that. If indeed the hosts would stay the same, then
snort is the way to go, however in this case I think it would lead to an
awful lot of blacklist weeding and wasted time.