On Tue, Oct 18, 2011 at 10:31 PM, Wesley M. <[email protected]> wrote:
> Hi,
>
> I use OpenBSD 4.9, I'm looking for a good nids.
It depends on what you are trying to accomplish. In general OSSEC and Snort are great intrusion detection tools to get started. OSSEC can monitor your logs and can block IP addresses if certain patterns are matched. This can shoot you in the foot if not configured properly. Snort can monitor your network interface for traffic patterns that match known exploits, port scans, etc. Both can be pretty noisy, so you will need to learn how they work before deploying them so that they can be tuned properly. If you don't tune them, you're more likely to ignore the noise. However, if you're not interested in intrusion detection, but rather looking for a way to block ssh brute force attempts, you can do a lot with PF, as was mentioned in this thread. As far as port scans are concerned, I don't bother to act on them or attempt to block them. I don't see scans as a security problem, but that is my opinion.
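As an added illustration of the PF approach to ssh brute force mentioned above (this is example configuration written for this page, not something posted in the thread), the pf.conf fragment below rate-limits new ssh connections per source address and moves offenders into a blocked table. It assumes the `egress` interface group and a table named `bruteforce`; the rate of 5 new connections per 30 seconds and the `mgmt` whitelist table are placeholder values to adjust for your own hosts.

```pf
# Constructed example: rate-limit ssh brute force with PF on OpenBSD.
# Sources exceeding the connection rate are added to <bruteforce>.
table <bruteforce> persist
# Management addresses that must never be locked out (placeholder entries).
table <mgmt> persist { 192.0.2.10, 198.51.100.0/24 }

# Drop everything from addresses already flagged as brute-forcing.
block in quick on egress from <bruteforce>

# Allow ssh from management hosts without rate limiting.
pass in quick on egress proto tcp from <mgmt> to port ssh

# Everyone else: at most 10 concurrent connections per source and
# 5 new connections per 30 seconds; exceeding either limit puts the
# source into <bruteforce> and flushes its existing states.
pass in on egress proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
    overload <bruteforce> flush global)
```

Entries in `<bruteforce>` persist until removed, so a cron job such as `pfctl -t bruteforce -T expire 86400` is the usual way to release addresses after a day; test rule changes with `pfctl -nf /etc/pf.conf` before loading them.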

