Just wanted to add a word of appreciation for pftop.
Since I have a transparent bridge (which I didn't want to give an interface
to), I just loaded Can's pftop package via floppy (14K) and it runs nicely.
Not only is it great for looking at what people are doing on your network
(well, I have 3000
Does pf have a syntax for intrusion detection?
If not, what do you guys recommend? Nessus? Snort? Prelude?
--Bryan
On 22 Jan 2003, Bryan Irvine wrote:
Does pf have a syntax for intrusion detection?
kidding
Sure!
intrusion detection on fxp0 from any to any keep state
This gives you stateful intrusion detection.
/kidding
C'mon man !.. What is a syntax for intrusion detection ?
Have you ever seen something
Hmm Maybe he's talking about **deep packet inspection**?
http://www.zdnet.com/filters/printerfriendly/0,6061,2898730-92,00.html
C'mon man !.. What is a syntax for intrusion detection ?
Have you ever seen something like you told.
What are you expecting? What kind of syntax ?
While pf has no syntax for intrusion detection, it has some nice features
that aid in intrusion detection.
scrub: makes sure that the intrusion detection system inside the firewall
cannot be fooled by fragments and similar other tricks that would cause
hosts and the ids see different packet
On Wednesday 22 January 2003 03:35 pm, Bryan Irvine wrote:
Does pf have a syntax for intrusion detection?
If not, what do you guys recommend? Nessus? Snort? Prelude?
--Bryan
I would recommend you look at using nessus to scan your network for
vulnerabilities and patch/reconfig your services