Network security

Jason Costomiris jcostom at jasons.org
Thu Jun 10 19:36:58 UTC 2004


On Jun 10, 2004, at 8:27 AM, Rodolfo J. Paiz wrote:

> However, if in general you want security tools to detect malicious 
> activity, then I suggest using Shorewall [1] as your firewall package 
> on the Linux box, and Snort [2] for an intrusion detection system 
> (IDS). Both tools are top-of-the-line and will likely do a huge 
> percentage of what you want.


Snort with flexresp will do much of what the user is looking for.

The snort rpms from dag's site have flexresp compiled in by default.

That being said, any time you use an IDS with response code, you take 
the chance of DoSing yourself by accident.  Be extremely careful with 
how you configure flexresp.

Those rpms use flexresp2, the new version, which is supposed to be much 
improved.  Here's the info:

http://cerberus.sourcefire.com/~jeff/archives/snort/sp_respond2/

Of course, he'll have to do the usual span port stuff on his switches, 
or run snort_inline instead, which is really an IPS.

--j




