[ previous ] [ next ] [ threads ]
 From:  Mike <lists at southwestech dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Sun, 12 Aug 2007 10:55:36 -0600
Daniele Guazzoni wrote:
> So what...
> In this case is "protecting the internet from user attacks".
> And protecting the state table of m0n0wall :-)

I completely agree with your answer about the IDS/IPS save for one small 
fact. The hosts within the network cannot be relied upon to remain 
static. In a hotel it is likely the hosts will change, and that IP will 
be given to another guest. In that instance, the guest will be blocked 
out for no reason. This is more of an open gateway rather than a 
structured corporate network, and given this, a solution needs to be 
tailored around that. If indeed the hosts would stay the same, then 
snort is the way to go, however in this case I think it would lead to an 
awful lot of blacklist weeding and wasted time.