RE: (no subject)

["Kalat, Andrew (ISS Atlanta)" <akalat () iss net>]

Good day,
        Sure, you could do this. For you're situation, you might want to
look at something like snort, and have it monitor your external network
interface. Although, personally, I feel it's more useful to see the things
that actually make it through my firewall. Spending time chasing attacks
that bounce off the firewall is usually a futile measure. Knowing it
happened is good, but I don't want to be woken up in the middle of the night
over it. <g>

Andrew Kalat
 

-----Original Message-----
From: vonkie () gmx net [mailto:vonkie () gmx net]
Sent: Friday, January 05, 2001 1:21 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] (no subject)


Hi there,

very informative list here and I can say I actually learned something (I
didn't know that much to start with ;-) ).

My question is, if it is possible to setup a firewall and IDS on one
machine, side by side?

The reason I'm asking is, that there are only 4 computers on my personal
network, so it would be sort off an overkill to place another one on it.

I tried to put an IDS between my internetconnection and firewall to see
what is being thrown at me, but the only thing I'm able to do is let the
IDS
see the traffic _after_ it passed the firewall.

I understand that this has value as well, since it intercepts attacks
where the firewall didn't, but I'd like to set it up before the firewall.

Is this possible (and wise?) on one machine (running linux, kernel 2.2.x)

TIA

Ruud

-- 
Sent through GMX FreeMail - http://www.gmx.net


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards