RE: Newbie IDS questions (smoothwall)

From: Chmielarski TOM-ATC090 (Tom.Chmielarski@motorola.com)
Date: 01/16/02


From: Chmielarski TOM-ATC090 <Tom.Chmielarski@motorola.com>
To: "'Steve A. Tindle III'" <leonexis@nuleo.org>, MHrubes@wizmo.com
Date: Tue, 15 Jan 2002 20:05:14 -0600

Nothing profound I suppose, but anyone interested in smoothwall may want to ponder the following:

c't article (smoothwall bad): http://www.heise.de/ct/english/02/01/162/

/. posted response by smoothwall developer: http://slashdot.org/article.pl?sid=02/01/09/2050237

Response to a response: http://www.heise.de/ct/english/02/01/162/response.shtml

-Tom

-----Original Message-----
From: Steve A. Tindle III [mailto:leonexis@nuleo.org]
Sent: Friday, January 11, 2002 11:46 PM
To: MHrubes@wizmo.com
Cc: focus-ids@securityfocus.com
Subject: Re: Newbie IDS questions

SmoothWall.org has a really great linux Firewall/router/IDS that supports
up to three interfaces (RED outside, GREEN internal network, ORANGE DMZ).
We've been using it for a few months now and it works great. It's a complete
system, but the download is only 20mb for the ISO. Works on a P133 with
32mb ram with a good amount of speed. It also logs port scans and some
trojan activity. Go to http://www.smoothwall.org for more info.

> Hi all,
>
> I'm new to the IDS world. I understand what an IDS does, and why you
> need it, but I have some questions on the technical aspect of IDS. We
> are planning on implementing an IDS in the near future. The idea that
> has been proposed is to put the IDS in the path between connections,
> rather than connected in promiscuous mode. The reason they want to do
> this is so they can also run a blocking software, like portsentry, to
> block unwanted scans, etc.
>
> Is this even possible to do? The idea is to use a linux server running
> snort. This box would have two interfaces to route the traffic through
> it, scanning the signatures at the same time.
>
> Possible/not possible? If possible, good idea/bad idea? Opinions in
> general?
>
> Thanks in advance,
>
> Mike Hrubes

-- 
Steve A. Tindle III
Webmaster, Nuleo.org
Lead Coder, Realms of Nuleo

"The box said, 'Requires Windows 95 or better', so I installed LINUX"


