RE: Gateway IDS

From: Rob McMillen (rvmcmil@cablespeed.com)
Date: 06/25/02


From: "Rob McMillen" <rvmcmil@cablespeed.com>
To: "'Jochen Vogel'" <jvogel@it-sec.de>, <focus-ids@securityfocus.com>
Date: Mon, 24 Jun 2002 19:02:09 -0400

Not a perfect solution, and I haven't updated (new iptables and new snort).
However, if you are using Linux, this might help.

http://w3.cablespeed.com/~rvmcmil

You can also take a look at hogwash

http://hogwash.sourceforge.net/

Rob

-----Original Message-----
From: Jochen Vogel [mailto:jvogel@it-sec.de]
Sent: Monday, June 24, 2002 4:14 AM
To: focus-ids@securityfocus.com
Subject: Gateway IDS

hi,

since last year i have been searching for a working gateway IDS solution.
i am searching for a solution that works like a firewall but additionally
can block packets after a correlation with IDS signatures.
the solution to send RST packets or reconfigure a firewall
is nice but not really about latency or spoofing packets.

greets
Jochen


