Firewall Wizards mailing list archives
firewall & IDS on the same box
From: Martin Peikert <news-innominate.list.nfr.firewiz () innominate de>
Date: 8 Jan 2001 12:02:50 GMT
vonkie () gmx net wrote:
> Hi there,
>
> very informative list here and I can say I actually learned something (I
> didn't know that much to start with ;-) ).
>
> My question is, if it is possible to set up a firewall and IDS on one
> machine, side by side?
>
> The reason I'm asking is, that there are only 4 computers on my personal
> network, so it would be sort of an overkill to place another one on it.
>
> I tried to put an IDS between my internet connection and firewall to see
> what is being thrown at me, but the only thing I'm able to do is let the
> IDS see the traffic _after_ it passed the firewall.
>
> I understand that this has value as well, since it intercepts attacks
> where the firewall didn't, but I'd like to set it up before the firewall.
>
> Is this possible (and wise?) on one machine (running linux, kernel 2.2.x)

Hi Ruud,

of course it is possible to run an IDS on a firewall. As you are running
linux, you can try snort (http://www.snort.org/) as netbased IDS and
samhain (http://samhain.sourceforge.net/surround.html?main_q.html&2) as
an alternative to tripwire. Additionally you want to try logcheck
(ftp://ftp.cert.dfn.de/pub/tools/audit/logcheck).

HTH
Martin

P.S.: Next time if you ask a new question, don't do it as a reply to an
answer to a question.

--
martin.peikert () innominate com
system engineer
innominate AG
clustering & security
the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com