On Tue, Oct 18, 2011 at 10:31 PM, Wesley M. wrote:
> Hi,
>
> I use OpenBSD 4.9, I'm looking for a good NIDS.
It depends on what you are trying to accomplish. In general OSSEC and
Snort are great intrusion detection tools to get started. OSSEC can
monitor your logs and can block IP addresses if ce
hi
if you need something like that ... try ossec
www.ossec.net
holger
> Hi,
>
> I use OpenBSD 4.9, I'm looking for a good NIDS.
>
> I found
> "scanlogd" in ports, works very well.
>
> But is there a way to make this last one work with pf? For example, add
> the IP address detected by scanlogd to a
* Wesley M. [2011-10-19 09:53]:
> PF is a good firewall, we can play with QoS/IP,Ports filter/NAT/ Src NAT/
> Stateful/Load Balancing/scrub
> But it is not a NIDS. ;-)
of course it isn't an IDS. we don't do marketing snake oil.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Servic
I don't agree with you either.
My opinion is that if you have a good default-deny firewall ruleset,
you can eliminate most of the threats.
Again, scans are (mostly) harmless.
Deploying a NIDS could give you a false sense of security.
On Wed, 19 Oct 2011 11:52:36 +0400
"Wesley M." wrote:
> I'm n
On 2011-10-19, Wesley M. wrote:
> I don't agree,
>
> Using PF, and only PF, we can feed a table using some parameters and it is
> filtered on one/several ports.
>
> PF can't detect network scans like nmap or ... So that is why I use scanlogd
> (it is in the OpenBSD ports).
> And some people use Snor
I don't agree,
Using PF, and only PF, we can feed a table using some parameters and it is
filtered on one/several ports.
PF can't detect network scans like nmap or ... So that is why I use scanlogd
(it is in the OpenBSD ports).
And some people use Snort also for this kind of thing.
PF is a good
I think it is bad practice to use something that's not even in the
base, when you have the feature in pf readily available.
# <TABLE> is a placeholder: the archived message lost the name of the
# overload table, which must be declared with "table <TABLE> persist"
pass in on vr0 inet proto tcp from any to (vr0) port ssh keep state \
    (max-src-conn-rate 1/60, overload <TABLE> flush global)
On Wed, 19 Oct 2011 10:04:09 +0400
"Wesley M." wrote:
I added this:
in pf.conf
...
table <black> persist file "/etc/black"
...
block quick from <black>
...
Added to crontab
pfctl -t black -T add $(cat /var/log/alert | awk '{print $6}')
What do you think about that?
Perhaps you have an easier way to do it?
Now I'm looking for a small web monitor to view alerts
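One way to do the crontab step above a little more defensively, and to give the cron-fed table the ageing that the pf-native overload rule gets from "flush" for free, as an added example (this is not code from the thread or from scanlogd/OpenBSD). It assumes the pf.conf lines from the message (table <black> persist file "/etc/black", block quick from <black>), assumes scanlogd lines in the alert log contain "scanlogd: From <src> to <dst>" (the sample lines are constructed), and uses PFCTL/TABLE/ALERT_LOG variables so the parsing can be run on a box without pf:

```shell
#!/bin/sh
# Added example, not from the thread: feed scanlogd alerts into a pf table.
# Assumed pf.conf (as in Wesley's message):
#   table <black> persist file "/etc/black"
#   block quick from <black>
# Assumed alert format (constructed sample below):
#   ... scanlogd: From <src> to <dst> ports ...
PFCTL=${PFCTL:-pfctl}
TABLE=${TABLE:-black}
ALERT_LOG=${ALERT_LOG:-/var/log/alert}

# Constructed sample alert log. Line 3 is an sshd line, not a scanlogd
# alert, and line 4 carries an impossible address; both must be ignored,
# and the repeated 192.0.2.10 must come out only once.
SAMPLE_ALERTS='Oct 19 10:31:25 gw scanlogd: From 192.0.2.10 to 198.51.100.1 ports 22, 80, 443, 8080, TOS 00, TTL 64 @10:31:25
Oct 19 10:32:01 gw scanlogd: From 203.0.113.7 to 198.51.100.1 ports 21, 22, 23, 25, 110, TOS 00, TTL 52 @10:32:01
Oct 19 10:32:09 gw sshd[1234]: Failed password for root from 192.0.2.10 port 40000 ssh2
Oct 19 10:33:12 gw scanlogd: From 999.1.1.1 to 198.51.100.1 ports 1, 2, 3, TOS 00, TTL 64 @10:33:12
Oct 19 10:34:40 gw scanlogd: From 192.0.2.10 to 198.51.100.1 ports 1, 2, 3, 4, 5, TOS 00, TTL 64 @10:34:40'

# Print the unique IPv4 source addresses of the scanlogd alerts on stdin.
# Matching "scanlogd: From <ip> to" instead of a fixed awk column keeps the
# extraction independent of the syslog prefix, and the awk filter drops
# anything that is not a valid dotted quad.
extract_sources() {
    sed -n 's/.*scanlogd: From \([0-9.][0-9.]*\) to .*/\1/p' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    awk -F. 'NF == 4 && $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    sort -u
}

# Add every address found on stdin to the kernel table, one pfctl call each.
block_sources() {
    for ip in $(extract_sources); do
        "$PFCTL" -t "$TABLE" -T add "$ip" || return 1
    done
}

# Drop entries added more than a day ago (pfctl -T expire takes seconds).
# This is the part the overload rule's "flush" handles on its own; with a
# cron-fed table it has to be a second cron job.
expire_sources() {
    "$PFCTL" -t "$TABLE" -T expire 86400
}

# Entry points for cron, e.g. "*/5 * * * * /etc/scanlogd2pf.sh run" and
# "0 * * * * /etc/scanlogd2pf.sh expire". With no argument nothing runs.
case "${1:-}" in
    run)    block_sources < "$ALERT_LOG" ;;
    expire) expire_sources ;;
    demo)   printf '%s\n' "$SAMPLE_ALERTS" | extract_sources ;;
esac
```

Two caveats worth keeping in mind with this approach: pfctl -T add only changes the table in the kernel, so with "persist file /etc/black" the entries are gone after a reboot unless the script also appends them to that file; and, unlike the overload rule, nothing here rate-limits, so a scanner spoofing source addresses can fill the table with third parties, which is one reason the expiry job matters.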
Hi,
I use OpenBSD 4.9, I'm looking for a good NIDS.
I found
"scanlogd" in ports, works very well.
But is there a way to make this last one work with pf? For example, add the
IP address detected by scanlogd to a "Blacklist" table?
Also, is there a way to have a web monitor to view alerts?
Perha