Good decision re Linux and its not so difficult now. I would suggest
Fedora (I'm using Core 3) as it is an SELinux enabled distro and fairly
bleeding edge. Really informative install guides are at
http://fedoranews.org/mediawiki/index.php/Stanton_Finley
and
http://www.howtoforge.com/perfect_setup_fedora_core_3
It has software RAID. If you would like to use this it's very easy to
set up during installation.
There is a vast amount of help available on line.
http://www.linuxhomenetworking.com/#Linux%20Main
is an excellent starting point.
Good luck
On Sun, 2006-01-29 at 16:45 +0530, Neil wrote:
Yeah, well, in all my readings and largely from the mail on this list,
I've come to the conclusion that Snort definitly won't give me
iptable-functionality on a windows box.
My solution is one I should've done a while ago: start using linux. Of
course, thats much harder than it sounds, but we'll see how it turns out.
Thanks to the list for all the help.
Cheers,
Neil
On 1/26/2006 3:02 AM, coder wrote:
I should probably add that the only two ways I know of making snort into an
IPS;
is by either using snort-inline, which would require IPTables (and this is a
windows question) or
using "flex response" (not sure if this comes with the windows version of
snort), the downfall of flex response
is that is just sends an RST packet to break the connection (this however
does not stop the attacker from re-connecting)
also, you would have to write your own rules such as:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS CodeRed v2
root.exe access"; flags: A+; uricontent:"scripts/root.exe?";
nocase;resp:rst_snd;)
(you can see the rst_snd at the end)
but, as "shrek-m" and I (in my earlier email) said, snort cannot really be
used as a firewall.
Regards,
Davie
----- Original Message -----
From: <shrek-m@gmx.de>
To: <security-basics@securityfocus.com>
Sent: Tuesday, January 24, 2006 10:17 PM
Subject: Re: Snort as Firewall (WinXP)
Neil wrote:
From what I've read, a couple people have tried, but most people were of
the opinion to use Snort as an IDS, and have a separate firewall.
bingo.
If anyone has done it, do you recommend it? Why/why not?
For those who are against using it as a firewall, again, why?
"snort" iirc is a ids/ips and no firewall
http://www.snort.org/
eg. "iptables" iirc is a firewall and no ids/ips
http://iptables.org/
--
shrek-m
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
Tony Barry
No Bull Services
PO Box 51528
Pakuranga
Auckland
021 413642
09 5768552
http://www.NO-BULL.CO.NZ
*************************************************************************
This e-mail and any files transmitted with it are confidential and
intended solely for the use of the addressee/s.
If you have received this e-mail in error please notify the sender.
*************************************************************************
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
