Fw: Re: Newbie IDS questions

From: Brian Wiese (bwiese@cotse.com)
Date: 01/10/02


Date: Thu, 10 Jan 2002 08:08:39 -0600
From: Brian Wiese <bwiese@cotse.com>
To: focus-ids@securityfocus.com


Begin forwarded message:

Date: Thu, 10 Jan 2002 03:39:24 -0600
From: Brian Wiese <bwiese@cotse.com>
To: Frank Knobbe <FKnobbe@KnobbeITS.com>
Subject: Re: Newbie IDS questions

> > -----Original Message-----
> > From: Mike Hrubes [mailto:MHrubes@wizmo.com]
> > Sent: Wednesday, January 09, 2002 11:30 AM
> >
> > The idea that has been proposed is to put the IDS in the path
> > between connections, rather than connected in promiscuous mode.

This box would act as a bridge, and there is an excellent tutorial on how
to do this with OpenBSD at:
        http://www.daemonnews.org/200103/ipf_bridge.html

Though I haven't tried Snort on an OpenBSD box, I'm sure it can be done...
and the OpenBSD firewall (ipf in OpenBSD 2.9 and below) is very awesome
IMHO. :)

As far as that goes, this is an excellent howto for ipf for novices with
networking, if you can get the page to load; I just had a tough time
connecting with it.

        http://gridley.acns.carleton.edu/~lowem/pages/openbsd.html

Google cache:
http://www.google.com/search?q=cache:rs3q5TAYTQQC:gridley.acns.carleton.edu/~lowem/pages/openbsd.html+openbsd+firewall&hl=en

And of course, the OpenBSD documentation is always there, and excellent at
that:

        http://openbsd.org/faq/faq6.html#6.2

I apologize for the shameless plugs on OpenBSD... but c'mon, you can't
beat: "Four years without a remote hole in the default install!"

peace

-- 
-----------
Brian Wiese
-----------
bwiese@cotse.net
"FREEDOM!"  - Braveheart


