I've a Net4801 w/ FreeBSD 6.2 running pf w/ altq & carp, spamd, rbldnsd & bind9. Performing nicely, so far.

I'm interested in adding active IDS to the mix, along the lines of Snort + SnortSam, hoping to integrate with pf etc.

What's been the experience on list with Snort's performance on this sort of setup? Snort *can* be a bit of a resource 'pig' (couldn't resist ...).

There are lightweight -- and light in function -- alternatives, e.g.,

http://danger.rulez.sk/projects/bruteforceblocker/
http://pfsense.best-view.net/packages/config/pfPorts/sshlockout_pf/files/sshlockout_pf.c

that seem to be ssh-port-specific, but could be readily adapted.

Just wondering whether Snort is too heavy, or whether I should adopt a lightweight, perlcc-compiled (e.g.) alternative ...

Yes, I know it's subjective ... hence looking for some subjective opinions.

Thanks.

--Tenzen

_______________________________________________
Soekris-tech mailing list
[email protected]
http://lists.soekris.com/mailman/listinfo/soekris-tech
