On Wednesday 22 January 2003 03:35 pm, Bryan Irvine wrote:
> Does pf have a syntax for intrusion detection?
>
> If not, what do you guys recommend? Nessus? Snort? Prelude?
>
> --Bryan
I would recommend you look at using nessus to scan your network for
vulnerabilities and patch/reconfig your servic
While pf has no syntax for intrusion detection, it has some nice features
that aid in intrusion detection.
scrub: makes sure that the intrusion detection system inside the firewall
cannot be fooled by fragments and similar other tricks that would cause
hosts and the ids see different packet
Hmm Maybe he's talking about **deep packet inspection**?
http://www.zdnet.com/filters/printerfriendly/0,6061,2898730-92,00.html
C'mon man !.. What is a "syntax for intrusion detection" ?
Have you ever seen something like you told.
What are you expecting? What kind of "syntax" ?
On 22 Jan 2003, Bryan Irvine wrote:
> Does pf have a syntax for intrusion detection?
Sure!
intrusion detection on fxp0 from any to any keep state
This gives you stateful intrusion detection.
Does pf have a syntax for intrusion detection?
If not, what do you guys recommend? Nessus? Snort? Prelude?
--Bryan
Didn't want to take this off the list - one last question - would there be
a point to having the rule label pushed through the log? especially with
Mike's useful script here already. It looks like the rule number is enough?
> That's a Trick! very clean - I like that - rulenum is the same as the
On Wed, 2003-01-22 at 13:42, Bryan Irvine wrote:
> I've never done pf without NAT before. Now I've been charged with
> building a new firewall to replace the aging linux firewall.
>
> I've come across a couple things in the pf howto at deadly.org that I'm
> not sure if I should use.
>
> One is s
I've never done pf without NAT before. Now I've been charged with
building a new firewall to replace the aging linux firewall.
I've come across a couple things in the pf howto at deadly.org that I'm
not sure if I should use.
One is scrub, and the other is modulation state.
What do these do exact
On Sat, Jan 18, 2003 at 01:57:17PM +, Steve Schmitz wrote:
> If you consider gigabit/copper a fast network and can suggest
> experiments/measurements, I'll be happy to conduct them.
TCP window scaling support has been committed to -current (pf.c 1.306).
If you have a spare box to install -cu