On Wed, Sep 10, 2003 at 03:26:15PM -0300, Alejandro G. Belluscio wrote:
> First about the benchmarks. Are those with current versions? Because
> I've seen those graphs since 3.0 and they appear very alike. I was
> wondering if there was some comparison between 3.0 and 3.3, for example.
They are t

Hello Daniel,
I've read the presentations on
http://www.deadly.org/article.php3?sid=20030909101007 and was wondering
about a couple of things.
First about the benchmarks. Are those with current versions? Because
I've seen those graphs since 3.0 and they appear very alike. I was
wondering if there

On Wed, Sep 10, 2003 at 10:28:08AM -0400, Jonathan Kay wrote:
> Any ideas on how to fix this?
There are three relevant issues, I think.
First, incoming external connections to your two external addresses
should cause related outgoing replies to get routed to the same interface.
If they are not (but

On Wednesday, Sep 10, 2003, at 07:28 US/Pacific, Jonathan Kay wrote:
I have set up a load-balancing PF (on a NetBSD kame box, but that
hopefully won't affect anything) and have two IPs I'm redirecting ports
from. The first connection is a T1 and the second is an unrelated
DSL.
This thread ma

On Wed, Sep 10, 2003 at 10:50:24AM -0500, Chris Reining wrote:
> Why don't you just run a chrooted snort on $ext_if?
choose one:
a. machines running snort usually have much higher requirements
(disk space, cpu, connection to a database?)
b. complex processes/services on a firewall is a bad thi

Why don't you just run a chrooted snort on $ext_if?
Chris

On Wed, Sep 10, 2003 at 09:25:37AM -0400, Aaron Wade wrote:
> Hi all,
> I have a 3.3 based firewall, and I am looking at deploying snort on a 3rd
> interface. It seems like dup-to is the best option for this, but I have a
> few qu

Hello all,
I have set up a load-balancing PF (on a NetBSD kame box, but that
hopefully won't affect anything) and have two IPs I'm redirecting
ports from. The first connection is a T1 and the second is an
unrelated DSL.
Internal:
sip0: LAN 192.168.0.1/24
External:
sip1: WAN 123.123.123.123/

Hi all,
I have a 3.3 based firewall, and I am looking at deploying snort on a 3rd
interface. It seems like dup-to is the best option for this, but I have a
few questions as to how it works.
How does dup-to work with scrub? If scrub is reassembling packets, how
could the IDS