RE: Gateway IDS

From: Rob McMillen (rvmcmil@cablespeed.com)
Date: 06/25/02


From: "Rob McMillen" <rvmcmil@cablespeed.com>
To: "'Jochen Vogel'" <jvogel@it-sec.de>, <focus-ids@securityfocus.com>
Date: Mon, 24 Jun 2002 19:02:09 -0400

Not a perfect solution, and I haven't updated (new iptables and new snort).
However, if you are using Linux, this might help.

http://w3.cablespeed.com/~rvmcmil

You can also take a look at hogwash

http://hogwash.sourceforge.net/

Rob

-----Original Message-----
From: Jochen Vogel [mailto:jvogel@it-sec.de]
Sent: Monday, June 24, 2002 4:14 AM
To: focus-ids@securityfocus.com
Subject: Gateway IDS

Hi,

Since last year I have been searching for a working gateway IDS solution.
I am looking for a solution that works like a firewall but additionally
can block packets after a correlation with IDS signatures.
The solution to send RST packets or reconfigure a firewall
is nice but not really about latency or spoofing packets.

Greets
Jochen


