[buug] Convert Linux Gateway to OpenBSD
f.johan.beisser
jan at caustic.org
Thu Oct 24 16:35:33 PDT 2002
On 24 Oct 2002, Ian Zimmerman wrote:
> I agree with this. I myself have stopped running snort on my box
> a few days after switching to a DENY firewall policy, when I saw that
> all it could tell me about was a couple of harmless ping requests a
> day (the harmful ones are blocked) and it was in fact the greatest hog
> among the daemons.
how you have snort configured can change what you see. since
most home networks don't have directly exposed IIS/apache/imap/pop
services, it's almost a waste of effort to run it. if you've got a full
scale production network that you WANT to detect attackers' traffic on,
it's a good idea to have it running, since it'll record the attack and
allow you to see what, and how, it was done.
> The real stuff is in the kernel log, where the denied packets go.
yes.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan at caustic.org
"Champagne for my real friends, real pain for
my sham friends." -- Tom Waits