RE: [FW1] Snort as IDS on Firewall
I'm running snort on a couple boxes, including the firewall. I created a few batch files that will capture alerts from the alert.ids file, transmit them encrypted (using cryptcat) to the management station, and there automatically block the offending IP addresses by adding them to the SAM (for a certain amount of time, configurable in the snort rules). This seems to work well (I'm still working to streamline the batch files, though. I just hacked them together a few days ago).

I don't see much of a performance degradation yet, although snort, just like any other IDS, puts some overhead on the processor. If your firewall can't spare some CPU cycles (i.e. too many connections to service), then put snort on a separate machine. If you have a beefy firewall, and enough processing power, snort should run great.

Regards,
Frank

> -----Original Message-----
> From: dsullinger [mailto:[email protected]]
> Sent: Wednesday, October 18, 2000 11:37 AM
>
> Is anyone using Snort as an intrusion detection system
> with Firewall-1 on Solaris?
>
> What is your opinion?
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
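The alert-to-block step described in the message above, sketched as an added example (not part of the original post and not Frank's batch files). It assumes Snort "fast" style alert lines; the names `plan_blocks`, `expire` and `never_block` and the sample lines are constructed for illustration, and the enforcement call that would add each address to the SAM is left out.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed input: Snort "fast" alert lines ending in "src[:port] -> dst[:port]".
ALERT_RE = re.compile(
    r"\[\*\*\]\s*(?P<msg>.+?)\s*\[\*\*\].*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*$"
)

def plan_blocks(lines, now, never_block, block_seconds=600, active=None):
    """Return {source_ip: expiry} for alert sources that may be blocked.
    never_block lists networks that must stay reachable; alert sources can
    be spoofed, so a forged packet must not get a needed host blocked."""
    guarded = [ipaddress.ip_network(n) for n in never_block]
    blocks = dict(active or {})
    expiry = now + timedelta(seconds=block_seconds)
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line in the assumed format
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # matches the pattern but is not a valid address
        if any(src in net for net in guarded):
            continue  # protected network: never block automatically
        ip = str(src)
        # A repeat alert may extend a block but never shortens one.
        blocks[ip] = max(blocks.get(ip, expiry), expiry)
    return blocks

def expire(blocks, now):
    """Drop entries whose block period has ended."""
    return {ip: t for ip, t in blocks.items() if t > now}

# Constructed sample alerts (documentation address ranges only).
SAMPLE = [
    "10/18-11:37:02.123456 [**] SCAN-FIN [**] 203.0.113.5:4432 -> 192.0.2.10:80",
    "10/18-11:37:03.000001 [**] PING probe [**] 198.51.100.7 -> 192.0.2.10",
    "10/18-11:37:04.000002 [**] SCAN-FIN [**] 192.0.2.1:53 -> 192.0.2.10:1025",
    "10/18-11:37:05.000003 [**] bad addr [**] 999.1.1.1:1 -> 192.0.2.10:80",
    "snort restarted",
]

if __name__ == "__main__":
    t0 = datetime(2000, 10, 18, 11, 38)
    for ip, until in sorted(plan_blocks(SAMPLE, t0, ["192.0.2.0/24"]).items()):
        print(ip, "blocked until", until.isoformat())
```

Only the two outside sources end up in the block plan; the alert whose source lies in the protected range, the invalid address and the non-alert line are skipped.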