From: Brian Wiese (bwiesecotse.com)
Date: Thu Jan 10 2002 - 08:08:39 CST

    Begin forwarded message:

    Date: Thu, 10 Jan 2002 03:39:24 -0600
    From: Brian Wiese <bwiesecotse.com>
    To: Frank Knobbe <FKnobbeKnobbeITS.com>
    Subject: Re: Newbie IDS questions

    > > -----Original Message-----
    > > From: Mike Hrubes [mailto:MHrubeswizmo.com]
    > > Sent: Wednesday, January 09, 2002 11:30 AM
    > >
    > > The idea that has been proposed is to put the IDS in the path
    > > between connections, rather than connected in promiscuous mode.

    This box would act as a bridge, and there is an excellent tutorial on how
    to do this with OpenBSD at:
            http://www.daemonnews.org/200103/ipf_bridge.html

    Though I haven't tried Snort on an OpenBSD box, I'm sure it can be done...
    and the OpenBSD firewall (ipf in OpenBSD 2.9 and below) is very awesome
    IMHO. :)

    As far as that goes, this is an excellent howto for ipf for novices with
    networking, if you can get the page to load; I just had a tough time
    connecting with it.

            http://gridley.acns.carleton.edu/~lowem/pages/openbsd.html

    Google cache:
    http://www.google.com/search?q=cache:rs3q5TAYTQQC:gridley.acns.carleton.edu/~lowem/pages/openbsd.html+openbsd+firewall&hl=en

    and of course, the OpenBSD documentation is always there, and excellent at
    that:

            http://openbsd.org/faq/faq6.html#6.2

    I apologize for the shameless plugs on OpenBSD... but c'mon, you can't
    beat: "Four years without a remote hole in the default install!"

    peace

    -- 
    -----------
    Brian Wiese
    -----------
    bwiesecotse.net
    "FREEDOM!"  - Braveheart