NP, I understand, as I am a developer also. Guess I just have to make the time to hack on 'guardian' and get it to work w/ iptables.

-later
rdg

--- SN <[EMAIL PROTECTED]> wrote:
>
> ----- Original Message -----
> From: "rd" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, November 13, 2003 12:13 AM
> Subject: Re: [gentoo-user] IDS
>
> > What are you using to modify iptables after snort detects
> > something bad?
> >
> > With ipchains, I used to use 'guardian' (available from
> > link on snort web page), but have not updated it so it will
> > work with iptables yet.
> >
> > Is your work GPL? I am sure many more experienced IDS
> > users would be interested.
>
> Since I'm a professional perl programmer, I wrote a script for our company
> in perl that reads out snort logs and creates rules for iptables.
> But it ain't gpl, only for internal business, sorry.
>
> > -rdg
> >
> > --- SN <[EMAIL PROTECTED]> wrote:
> > > If it's a single machine, then I'd suggest snort.
> > >
> > > But as I followed the thread, you don't seem to have ever
> > > worked with either snort or prelude, this is bad, Gentoo's
> > > preconfigured scripts suck, to get some out of it you
> > > will have to reconfigure a couple of things.. I have
> > > set up snort on several distros, but they usually had one
> > > thing in common: a bad start configuration.
> > > I have written some additional scripts, that add better
> > > snort support for dialup users and I have added support
> > > for automatic blocking through iptables in case snort
> > > detects critical attacks.
> > >
> > > The thing is as someone mentioned earlier, if you don't
> > > have a lot of knowledge of real attacks, network setup
> > > etc. and if you are not experienced with an ids all you
> > > will get is a load of information that you don't know how
> > > to interpret.
> > > ----- Original Message -----
> > > From: Chase Jeffery D
> > > To: [EMAIL PROTECTED]
> > > Sent: Monday, November 10, 2003 10:07 PM
> > > Subject: RE: [gentoo-user] IDS
> > >
> > > single machine. This is going to be installed on my
> > > firewall machine......
> > >
> > > -----Original Message-----
> > > From: SN [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, November 10, 2003 3:26 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [gentoo-user] IDS
> > >
> > > Depends on your network, single machine or a whole
> > > set of machines?
> > > ----- Original Message -----
> > > From: Chase Jeffery D
> > > To: [EMAIL PROTECTED]
> > > Sent: Monday, November 10, 2003 7:48 PM
> > > Subject: [gentoo-user] IDS
> > >
> > > Hi everyone, Just wondering what Network intrusion
> > > detection software is the best. I've heard the main two
> > > programs to use would be Snort or Prelude and am
> > > wondering which of the two gives you more
> > > flexibility(configuration) and better
> > > detection/reporting?
> > >
> > > Thanks for your help,
> > > Jeff

--
[EMAIL PROTECTED] mailing list
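
The thread describes a script that reads Snort logs and creates iptables rules for critical attacks, but none of that code was posted. The sketch below is an added example, not SN's script and not 'guardian'; it assumes Snort's "fast" alert line format, and the function name, allowlist networks and sample alerts are constructed for illustration. It only returns the iptables commands instead of running them, and it skips allowlisted sources because an alert's source address can be spoofed to make the firewall block something it depends on.

```python
import ipaddress
import re

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::\d+)?\s+->\s+(?P<dst>[0-9.]+)(?::\d+)?"
)

# Assumption: networks that must never be blocked (loopback, own LAN/gateway).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
MAX_PRIORITY = 1  # Snort priority 1 is the most severe; larger numbers are less severe


def block_rules(lines, never_block=NEVER_BLOCK, max_priority=MAX_PRIORITY):
    """Return one iptables argv list per distinct alert source that should be dropped."""
    seen, rules = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # not an alert line, or not severe enough to act on
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address: never pass raw log text to iptables
        if src in seen or any(src in net for net in never_block):
            continue  # already handled, or allowlisted (possibly spoofed) source
        seen.add(src)
        # argv list rather than a shell string, so nothing from the log is shell-parsed
        rules.append(["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"])
    return rules


# Constructed sample alerts (documentation address ranges, local-range rule IDs).
SAMPLE_ALERTS = [
    "11/12-23:58:01.104233  [**] [1:1000001:1] Constructed critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:22",
    "11/12-23:58:02.220871  [**] [1:1000001:1] Constructed critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40113 -> 192.0.2.10:22",
    "11/12-23:59:10.000412  [**] [1:1000002:1] Constructed ping rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.23 -> 192.0.2.10",
    "11/13-00:01:44.519900  [**] [1:1000001:1] Constructed critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {UDP} 192.0.2.1:53 -> 192.0.2.10:33000",
    "11/13-00:02:17.730015  [**] [1:1000003:2] Constructed critical rule two [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.99:51515 -> 192.0.2.10:80",
    "11/13-00:03:00.000001  [**] [1:1000001:1] Constructed critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 999.1.1.1:1 -> 192.0.2.10:22",
]

if __name__ == "__main__":
    for argv in block_rules(SAMPLE_ALERTS):
        print(" ".join(argv))
```

Rules inserted this way accumulate until removed, so a real deployment also needs an expiry step that deletes old blocks.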
