Re: ipf, Sunscreen or ?

• Previous message: Pedro Torradinhas: "Re: ipf, Sunscreen or ?"
• In reply to: Brad Arlt: "Re: ipf, Sunscreen or ?"
• Next in thread: Valerie Anne Bubb: "Re: ipf, Sunscreen or ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Oct 2003 10:36:14 -0500 (CDT)
To: focus-sun@securityfocus.com

We've used IPF and Sunscreen for a while now, and I couldn't imagine
running a machine without something similar.

We used IPF on all of our Solaris 7 and 8 boxes, and we use Sunscreen on
all of our Solaris 9 boxes.

I use the command line mode (ssadm), so running a web server to get a GUI
isn't an issue.

The only things that are mildly annoying is that you can't use numbers for
IPs or ports in the rules. You have to first define the nubmers, then use
the aliases in the rules. I guess its good in some ways, since with
decent names you never run into the "So why did I open that port to that
machine?" issue, but it does take a little longer. The only other
annoyannce is that changing the rules using "ssadm edit" doesn't actually
do anything until you either reboot, or run "ssadm activate".

All in all though, Sunscreen works great.

Scott Wilson Manager / Lead System Administrator
swilson@uchicago.edu NSIT - TaRT - Systems & Servers

On Wed, 22 Oct 2003, Brad Arlt wrote:

> On Tue, Oct 21, 2003 at 04:49:51PM -0700, Chris Pelton wrote:
> > boxes but was burned awhile back by ipf (could have been a
>
> There were 2 or 3 versions that had problems booting. That is fixed.
> I have noticed a large CPU usage when sending lots of data, but
> otherwise love IPF.
>
> I will be trying SunScreen this morning (to get around high CPU use
> while sending), but don't have an opinion as yet.
> -----------------------------------------------------------------------
> __o Bradley Arlt Security Team Lead
> _ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
> (_)/(_) Joyously Canadian Computer Science
>

• Previous message: Pedro Torradinhas: "Re: ipf, Sunscreen or ?"
• In reply to: Brad Arlt: "Re: ipf, Sunscreen or ?"
• Next in thread: Valerie Anne Bubb: "Re: ipf, Sunscreen or ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ipf, Sunscreen or ? ... What happened with IPF that burned you before? ... Sunscreen in their SC-345 course (Solaris OE Network Intrusion Detection). ... binaries for Solaris 9 doesn't work, so you have to use the Sun compiler. ... (Focus-SUN) 64-bit GCC (was: Re: ipf, Sunscreen or ?) ... < What happened with IPF that burned you before? ... < deployed IPF on Solaris 7,8 and 9. ... Something beyond me about the way GCC ... The last time I built ipf from source I used gcc 3.2.1 or .2 and ... (Focus-SUN) Re: ISA Server for Firewall - Recommendations Please ... I understood IPF standing for IPFw (I am not really familiar ... >better than IPFw. ... recommend running it on Solaris X86. ... Personally I prefer running it on Solaris for Intel. ... (comp.security.firewalls) Re: Ethernet Bridging on Solaris ... > to bridge one of my network-interfaces (iprb0). ... Free solution: Install Solaris 9 and use SunScreen, ... replaced with ipf in sol 10 and ipf can't do it in solaris. ... (comp.unix.solaris) Re: ipf, Sunscreen or ? ... > boxes but was burned awhile back by ipf (could have been a ... There were 2 or 3 versions that had problems booting. ... I have noticed a large CPU usage when sending lots of data, ... otherwise love IPF. ... (Focus-SUN)