On 10/5/05, jmulkerin <[EMAIL PROTECTED]> wrote:
> How about using snort and guardian. Guardian.pl will add an ipfw rule
> each time it sees an alert from Snort. You'll need to adjust the snort
> rules for what you want to alert on but it's a pretty safe and
> lightweight asset. (just my novice 2
On 10/5/05, Alex de Kruijff <[EMAIL PROTECTED]> wrote:
> On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> > In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> > like this (plus a lot of other rules):
> >
> >check-state
> >deny tcp from any to any establis
How about using snort and guardian. Guardian.pl will add an ipfw rule
each time it sees an alert from Snort. You'll need to adjust the snort
rules for what you want to alert on but it's a pretty safe and
lightweight asset. (just my novice 2 cents...)
John
Alex de Kruijff wrote:
On Thu, S
On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> like this (plus a lot of other rules):
>
>check-state
>deny tcp from any to any established
>allow log tcp from any to ${my-ip} dst-port 22 setup limi
In FreeBSD 5.4R, I tried an IPFW configuration that includes something
like this (plus a lot of other rules):
check-state
deny tcp from any to any established
allow log tcp from any to ${my-ip} dst-port 22 setup limit src-addr 3
+ other rules that use keep-state
When I do this, _every_ s