Firewall Wizards mailing list archives
Re: a cutting-edge open-source network security project
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 05 May 2010 23:39:40 -0500
On Sun, 2010-05-02 at 15:48 -0700, travis+ml-firewalls () subspacefield org wrote:
> [...] Another idea is to "federate" against attacks, so that when your IDS (say, snort) detects an attack from an external entity, you block that entity at multiple locations (each of which run DFD, but which may run entirely different OSes and firewalls). This hasn't been implemented but could prove itself rapidly useful (if engineered carefully).
When you say "this hasn't been implemented", are you referring to DFD? I'm just asking because this approach has been around for a while. Snortsam is now nearly a decade old and uses the approach you call "federated" defense, which I call "distributed blocking fabric". (Snortsam receives block requests from one or more Snort instances and blocks on one or more firewalls, or forwards the request to other Snortsam instances).

And I can attest that this approach works extremely well (detect once, protect many). So well so, that I stopped development on Snortsam for two reasons. 1) Snortsam as it stands just works :) and 2) we're enumerating so many hostile IPs (even if only blocked for periods of time) that traditional firewalls can no longer handle the load. Which led me to the development of a new firewall module that, coupled with a database-driven management framework, can now handle transient shunning of millions of IP addresses. I almost completed my migration from Snortsam to the new framework.

Anyway, it looks like your DFD has a couple interesting features (for example, the dynamic NAT stuff).

BTW: I'm starting a block-peering project for the exchange of hostile IP block information. If you are interested in exchanging hostile IP information, contact me off-list.

Cheers,
Frank
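An added example, not part of the message above and not Snortsam's code or wire protocol: a Python model of the "detect once, protect many" flow the message describes, where a block request is applied to several firewalls, forwarded to peer nodes, and lifted again when its time runs out. The `ShunNode` class, the request ids and the in-memory sets standing in for firewalls are assumptions made for illustration.

```python
import heapq
import ipaddress

class ShunNode:
    """Applies time-limited blocks to its firewalls and relays them to peers."""

    def __init__(self, firewalls):
        self.firewalls = firewalls  # assumed stand-in: name -> set of blocked IPs
        self.peers = []             # other ShunNode instances to forward to
        self.expiry = {}            # ip -> absolute expiry time (seconds)
        self.heap = []              # (expiry, ip) min-heap, may hold stale entries
        self.seen = set()           # request ids already handled

    def block(self, req_id, ip, duration, now):
        """Handle one block request; return True if it was new to this node."""
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on malformed input
        if req_id in self.seen:             # already handled: stops forwarding loops
            return False
        self.seen.add(req_id)
        until = now + duration
        if until > self.expiry.get(ip, 0):  # a repeat offence extends, never shortens
            self.expiry[ip] = until
            heapq.heappush(self.heap, (until, ip))
        for blocked in self.firewalls.values():
            blocked.add(ip)
        for peer in self.peers:
            peer.block(req_id, ip, duration, now)
        return True

    def sweep(self, now):
        """Lift blocks that have expired by `now`; return the released IPs."""
        released = []
        while self.heap and self.heap[0][0] <= now:
            until, ip = heapq.heappop(self.heap)
            if self.expiry.get(ip) != until:  # stale entry left by an extension
                continue
            del self.expiry[ip]
            for blocked in self.firewalls.values():
                blocked.discard(ip)
            released.append(ip)
        return released

def demo():
    # Constructed scenario: two mutually peered nodes, documentation-range address.
    edge = ShunNode({"fw-a": set(), "fw-b": set()})
    dmz = ShunNode({"fw-c": set()})
    edge.peers.append(dmz)
    dmz.peers.append(edge)
    edge.block("r1", "192.0.2.10", 300, now=0)    # sensor alert at t=0
    dmz.block("r2", "192.0.2.10", 600, now=100)   # second alert, seen elsewhere
    return edge, dmz
```

The heap keeps expiry sweeps proportional to the number of blocks that actually expire rather than the size of the whole table, which matters once the table holds a large number of transient entries.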