On 10/6/06, Chris Buechler [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow the traffic to pass through until its
scanned.
Yep, sometimes these are called intrusion reaction systems, reactive
Going through some old email, sorry for the anachronism.
On 10/4/06, Bill Marquette [EMAIL PROTECTED] wrote:
Sorry, but I do not agree totally with you: the thing I love with pfSense is
that it is possible to install it everywhere, so it could be a _real_
competitor to enterprise products
Scott Ullrich wrote:
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow the traffic to pass through until its
scanned.
And generally you probably aren't going to want to hook snort into your
network stack like that, because of the limitations of
Chris Buechler schrieb:
And generally you probably aren't going to want to hook snort into your
network stack like that, because of the limitations of PC hardware.
Commercial IPS devices process rules through ASIC's, which enables them
to fully evaluate every single packet before passing it
On 10/5/06, Chris Godwin [EMAIL PROTECTED] wrote:
Am I correct about Snort being able to block as well as detect? Isn't
this IDS/IPS, not just IDS.
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow the traffic to pass through until its
scanned.
Subject: Re: [pfSense-discussion] IDS yet?
On 10/5/06, Chris Godwin [EMAIL PROTECTED] wrote:
Am I correct about Snort being able to block as well as
detect? Isn't
this IDS/IPS, not just IDS.
It is a delayed IDS. Generally an IPS hooks into the network stack
directly and does not allow
Snort is kicking some great arse! I'm really loving it.
Any way to get it to syslog? I see a lot of MS-SQL worms and such and
would (for giggles) like to see all the snort alerts.
System logs only shows the attacking IP and not what kind of attack.
Who is the sponsor for Snort, I want to buy
On 10/5/06, Jason J. Ellingson [EMAIL PROTECTED] wrote:
Snort is kicking some great arse! I'm really loving it.
Any way to get it to syslog? I see a lot of MS-SQL worms and such and
would (for giggles) like to see all the snort alerts.
System logs only shows the attacking IP and not what
Sorry do you plan to use snort as IDS or as IPS? I think that the former should be easier to implement as a package, but the latter is the direction to follow, in a long term project. Few days ago I saw StillSecure Strataguard, and I found that their interface/approach to IPS is very good...
Beside that I always thought Snort is first and foremost
an IDS and not an IPS...
Holger Bauer schrieb:
I suggest just trying the snort package in the way it is now before
discussinng new features so everybody in this discussion knows what we are
talking about. It's easy to setup and
Daniel S. Haischt wrote:
Beside that I always thought Snort is first and foremost
an IDS and not an IPS...
It can do both, IIRC.
But commercial IDS/IPS products have been blurring the line between
these two purposes for years - upto a point where I think there is no
real distinction
Tommaso Di Donato wrote:
On 10/4/06, Rainer Duffner
[EMAIL PROTECTED]
wrote:
At
least in this respect, pfSense is still a clear packet-filter only ;-)
And ideally, it should stay this way while analyzing packet-content
should occur elsewhere (because it also needs much more CPU-power).
On 10/4/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
On 10/4/06, Rainer Duffner [EMAIL PROTECTED] wrote:
At least in this respect, pfSense is still a clear packet-filter only ;-)
And ideally, it should stay this way while analyzing packet-content
should occur elsewhere (because it also
On 10/4/06, Bill Marquette [EMAIL PROTECTED] wrote:
On 10/4/06, Tommaso Di Donato [EMAIL PROTECTED] wrote: On 10/4/06, Rainer Duffner [EMAIL PROTECTED]
wrote: At least in this respect, pfSense is still a clear packet-filter only ;-) And ideally, it should stay this way while analyzing
So far, I like the new Snort package. Very nice and easy to set up.
You have my praises!
If I am correct, the Snort package only sees traffic that was not
blocked by firewall rules?
- Jason
system for example :-)
Holger
-Original Message-
From: Jason J. Ellingson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 04, 2006 3:58 PM
To: discussion@pfsense.com
Subject: RE: [pfSense-discussion] IDS yet?
So far, I like the new Snort package. Very nice and easy to set up
Subject: RE: [pfSense-discussion] IDS yet?
No, it sees everything. For example running at my WAN though nearly
everything is blocked it detects portscans too and will block this IP
(if enabled) so it can't start a bruteforce against my open ports. If
you are lucky it will even block the intruder before
On 10/4/06, Holger Bauer [EMAIL PROTECTED] wrote:
No, it sees everything. For example running at my WAN though nearly everything
is blocked it detects portscans too and will block this IP (if enabled) so it
can't start a bruteforce against my open ports. If you are lucky it will even
block
Snort hooks into bpf, bpf gets 1st look at all traffic.
Greg
-Original Message-
From: Jason J. Ellingson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 04, 2006 2:58 PM
To: discussion@pfsense.com
Subject: RE: [pfSense-discussion] IDS yet?
So far, I like the new Snort
On 10/4/06, Donald Pulsipher [EMAIL PROTECTED] wrote:
I tried to install the snort package but get an error. This was on my Soekris
embedded box with the embedded version 1.0-RC1a.
Two problems here.
1. RC1 is ancient, the snort package only works on RC3 and above
2. Embedded doesn't support
Snort requires 1.0-RC3.
On 10/4/06, Donald Pulsipher [EMAIL PROTECTED] wrote:
I tried to install the snort package but get an error. This was on my Soekris
embedded box with the embedded version 1.0-RC1a.
Here is the output :
-
Installation of snort FAILED!
Downloading package
The /pkg_mgr.php and related files are still in the www directory, I just
pointed to them in my url.
If I upgrade to RC3, is there an easy way to change the embedded image to
support packages ? Otherwise I could always just compile and install snort
myself I guess.
Thanks for your replies.
SH. Don't tell anyone this. ;)
Scott
On 10/4/06, Donald Pulsipher [EMAIL PROTECTED] wrote:
The /pkg_mgr.php and related files are still in the www directory, I just
pointed to them in my url.
If I upgrade to RC3, is there an easy way to change the embedded image to
support packages
On 10/4/06, Donald Pulsipher [EMAIL PROTECTED] wrote:
According to my rough calculations, I can do maybe 40mbps throughput before I
peg the cpu. Or maybe I'm just dreaming, but I plan on testing it.
With a 4801 or wrap??? Try again :) We peg the CPU on those boards
well before 40mbit...I
Its a 4801 with the fastest processor I could get (266). We'll see what I can
do with it, I don't plan on using a default config with snort. I know I'm going
to have to tweak it. With the right setup, I believe running snort on the
embedded image _is_ feasable. If I do manage to pull it off,
reach thier limits
sooner or later.
Holger
-Original Message-
From: Donald Pulsipher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 04, 2006 8:03 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] IDS yet?
Its a 4801 with the fastest processor I could get (266
On 9/20/06, Sam Newnam [EMAIL PROTECTED] wrote:
I've read a couple places but couldn't find a clear answer to whether SQUID
or another intrusion diction system had been integrated yet.
SQUID is a cache, not a NIDS.
--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix guru for
On 9/20/06, Scott Ullrich [EMAIL PROTECTED] wrote:
There is no IDS package with no intention on creating one. We are
waiting for you all to step up to the plate.
I somewhat lied about this. For some reason after seeing your post
something clicked in my head and I spent a good 35 hours on a
I meant SNORT. Sorry - my mistake - thanks.
Sam Newnam
SystemSam Technologies, LLC
www.systemsam.com
-Original Message-
From: Travis H. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 03, 2006 4:45 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] IDS yet?
On 9/20/06
]
Sent: Wednesday, September 20, 2006 3:23 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] IDS yet?
On 9/20/06, Sam Newnam [EMAIL PROTECTED] wrote:
I've read a couple places but couldn't find a clear answer to whether
SQUID
or another intrusion diction system had been integrated
wa
Sam Newnam
SystemSam Technologies, LLC
www.systemsam.com
-Original Message-
From: Chris Godwin [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 10:23 AM
To: discussion@pfsense.com
Subject: RE: [pfSense-discussion] IDS yet? (+IPS)
What about Snortsam and ipfw
On 9/21/06, Sam Newnam [EMAIL PROTECTED] wrote:
I was thinking about using something like this product too...
http://www.stillsecure.org/index.php?rf=vmw
Says it integrates with IP Tables... Quick thoughts on its compatibility
with PF?
It's a dedicated linux install.
--Bill
Ive read a couple places but couldnt find a
clear answer to whether SQUID or another intrusion diction system had been
integrated yet. I found those screen shots where it showed the package manager
but then read where its being re-written. Anyway, sorry if I waste someones
time but I just
33 matches
Mail list logo