On 10/6/06, Chris Buechler [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow the traffic to pass through until its
scanned.
Yep, sometimes these are called intrusion reaction systems, reactive
Going through some old email, sorry for the anachronism.
On 10/4/06, Bill Marquette [EMAIL PROTECTED] wrote:
Sorry, but I do not agree totally with you: the thing I love with pfSense is
that it is possible to install it everywhere, so it could be a _real_
competitor to enterprise products
On 9/20/06, Sam Newnam [EMAIL PROTECTED] wrote:
I've read a couple places but couldn't find a clear answer to whether SQUID
or another intrusion diction system had been integrated yet.
SQUID is a cache, not a NIDS.
--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix guru for
Ewww, HTML in email. You are aware of the dangers of using a browser
to read email, right?
I am also trying to avoid cascading pfsense boxes, like routing from one to
another, and the second doing the NAT - as it is the opposite of high
availability.
The way this is normally done for HA
On 8/29/06, DarkFoon [EMAIL PROTECTED] wrote:
I was looking through my XML configuration recently, and I noticed that my
Dynamic DNS password is not encrypted like the PFsense password is.
It seems to me that this is a rather important password and should be
encrypted (if possible).
This is
On 8/18/06, Chris Godwin [EMAIL PROTECTED] wrote:
If I disable the bimap while pinging, the pings
still come through.
Because the state for the outbound ICMP echo request is still in the
state table.
If I disconnect and reconnect hamachi after the bimap
has been deleted the hosts become
http://www.loganalysis.org/
For all your log analysis needs.
--
http://www.lightconsulting.com/~travis/ --
We already have enough fast, insecure systems. -- Schneier Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
ssh need to be open on WAN interface and all user that have real shell
could be disabled for security concern.
Be careful when trying to disable users via their login shell:
http://www.csh.rit.edu/~psionic/articles/ssh-security/
--
http://www.lightconsulting.com/~travis/ --
We already have
I want to mention that you can also use SOCKS as a proxy. Many
clients support this non-transparently (as a configuration option),
and you could maybe even do it transparently.
Keeping the proxy on the gateway host will reduce the latency compared
with having it on a seperate host (TCP
On 9/21/05, A Rossi [EMAIL PROTECTED] wrote:
I was thinking of payload inspection as a way to check to see if the payload
contains requested data (like HTML, or mp3 or whatever the user is
downloading) to make sure that it doesn't contain infected data (with a worm
or such) that is
On 9/26/05, Greg Hennessy [EMAIL PROTECTED] wrote:
so its safe to assume that internet - WAN stuff should be
blocked. but for internal access between my LAN/OPT
interfaces and outbound WAN i can use reject and it wouldn't
be considered bad form?
Hmm, rejecting on the outbound WAN link?
Well it's not set in stone.
C seems too unsafe a language to me in which to write security applications.
--
http://www.lightconsulting.com/~travis/ --
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
12 matches
Mail list logo