SmoothWall.org has a really great linux Firewall/router/IDS that supports
up to three interfaces (RED outside, GREEN internal network, ORANGE DMZ).
We've been using it for a few months now and it works great. Its a complete
system, but the download is only 20mb for the ISO. Works on a P133 with
32mb ram with a good amount of speed. It also logs port scans and some
trojan activity. Go to http://www.smoothwall.org for more info.

> Hi all,
>
> I'm new to the IDS world. I understand what an IDS does, and why you
> need it, but I have some questions on the technical aspect of IDS. We
> are planning on implementing an IDS in the near future. The idea that
> has been proposed is to put the IDS in the path between connections,
> rather than connected in promiscuous mode. The reason they want to do
> this is so they can also run a blocking software, like portsentry, to
> block unwanted scans, etc.
>
> Is this even possible to do? The idea is to use a linux server running
> snort. This box would have two interfaces to route the traffic through
> it, scanning the signatures at the same time.
>
> Possible/not possible? If possible, good idea/bad idea? Opinions in
> general?
>
> Thanks in advance,
>
> Mike Hrubes

-- 
Steve A. Tindle III
Webmaster, Nuleo.org
Lead Coder, Realms of Nuleo
"The box said, 'Reqires Windows 95
or better', so I installed LINUX"

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]