Re: Packet filter choice

From: Seth Arnold (sarnold@wirex.com)
Date: 12/06/01
Date: Wed, 5 Dec 2001 15:51:21 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com
On Wed, Dec 05, 2001 at 02:40:45PM -0700, Robin Lynn Frank wrote:
> [want packet filter for linux]

> Now, here comes the hard part. I'd like it to be easy to configure since not
> all of these offices are staffed by "computer types". I've looked at snort
> and prelude, and while they fulfill my own needs, they may be a bit tricky
> for others to configure properly.

Hmm. I don't know prelude. Snort is a network intrusion detection
system, not a packet filter. A packet filter is something more like
ipfw, ipchains, or iptables (from linux land), ipf (from *BSD and
commercial Unix land), pf (from OpenBSD land), and CheckPoint Firewall-1
(from Win32 and ..unix and linux..? land).

Some of these packet filters are more advanced than others .. ipf and
pf, for example, are stateful systems, while ipfw isn't. (I don't know
about ipchains or iptables.) pf can dynamically recover state after a
reboot (through magic I don't understand), in addition to normalizing
packets. (The commercial ones often have other features, but I do not
know if the neatest features I know of are covered by NDA, so we might
as well just say you can contact the commercial vendors yourself if you
are curious what the features include. :)

Of course, if what you are *really* after is network intrusion detection
(let's hope as an additional security feature, *not* as the primary
defense..) then snort is a very popular choice, though *your* choice
should probably be based on hands-on use of the various network IDS
systems.

Cheers!

-- 
People who separate manpages from the programs
they document would steal sheep.  -- apologies to Goudy
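To illustrate the stateful/stateless distinction drawn above, here is a toy Python model added for this archive page (not code from the thread or from ipfw, ipf or pf). Addresses and ports are constructed; a stateless filter must rely on the ACK flag to recognise replies, while a stateful one checks a connection table.

```python
"""Toy model contrasting a stateless filter (judges each packet alone) with a
stateful one (remembers connections). Constructed example; addresses made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


INSIDE = "192.0.2.10"  # the protected host (constructed documentation address)


def stateless_filter(pkt: Packet) -> bool:
    """Stateless rules (ipfw-style) keep no memory of earlier packets, so
    replies to outbound connections can only be recognised by their flags:
    any inbound packet carrying ACK is treated as 'established' and allowed."""
    if pkt.src == INSIDE:
        return True          # everything outbound is permitted
    return pkt.ack           # inbound: permitted only if the ACK bit is set


class StatefulFilter:
    """Records connections opened from the inside and admits inbound packets
    only when they are the reverse of a recorded entry (the ipf/pf approach)."""

    def __init__(self) -> None:
        self.table = set()   # entries: (src, sport, dst, dport) of outbound SYNs

    def filter(self, pkt: Packet) -> bool:
        if pkt.src == INSIDE:
            if pkt.syn and not pkt.ack:   # new outbound connection: record it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # inbound: must mirror a recorded outbound connection
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def run_demo() -> dict:
    """Three packets: an outbound request, its legitimate reply, and an
    unsolicited inbound packet that merely has the ACK bit set."""
    out = Packet(INSIDE, 40000, "198.51.100.7", 80, syn=True)
    reply = Packet("198.51.100.7", 80, INSIDE, 40000, syn=True, ack=True)
    stray = Packet("203.0.113.9", 4444, INSIDE, 22, ack=True)
    sf = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (out, reply, stray)],
        "stateful": [sf.filter(p) for p in (out, reply, stray)],
    }
```

The stateless filter lets the stray packet through because its only evidence is the flag; the stateful filter drops it because no inside host ever opened that connection.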
