On Tue, 12 Nov 2002, Ronald Warner wrote: .. > plugmembers, what are your thoughts on having both an ids (such as > snort) and a firewall in the same box? is it advisable? thanks.
we're doing it and it's ok. you might want to use "hogwash" or "guardian" so that IDS output results in dynamic iptables rules. the problem is that stock snort is TOO sensitive: pretty soon most of your ports get blocked by the paranoiac snort. --- Orlando Andico <[EMAIL PROTECTED]> Mosaic Communications, Inc. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
