So Snort can be used as a host IDS, but Snort can also be used as a network IDS, right?






From: Rowel Atienza <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [plug] firewall and snort
Date: Tue, 12 Nov 2002 19:10:17 +1100 (EST)


The default Snort configuration is really paranoid. It makes Snort logs really
noisy, especially with RPC stuff (NFS is a good example). But once you tune
the rules themselves, it becomes manageable.

rowel

On Tue, 12 Nov 2002, Orlando Andico wrote:

> On Tue, 12 Nov 2002, Ronald Warner wrote:
> ..
> > plugmembers, what are your thoughts on having both an ids (such as
> > snort) and a firewall in the same box? is it advisable? thanks.
>
> we're doing it and it's ok.
> you might want to use "hogwash" or "guardian" so that IDS output results
> in dynamic iptables rules.
>
> the problem is that stock snort is TOO sensitive: pretty soon most of your
> ports get blocked by the paranoiac snort.
>


_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph

To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
