[SunHELP] IDS software, SunScreen EFS 3.1, Solaris
Scott Fraser
sunhelp at sunhelp.org
Thu Apr 26 11:38:42 CDT 2001
Morning Folks,
I find myself tasked with coming up withan IDS solution for a firewall
using SunScreen 3.1 running on Solaris (SPARC).
In the past I have used products like snort, Port Sentry, etc...
Has anyone deployed one of these firewalls and also had Port Sentry
running? Were there any headaches? Gotchas?
Port Sentry
http://www.psionic.com/abacus/portsentry/
At this time, the firewall is using a rather static ruleset and not
allowing any funky traffic through. It has been installed in route mode.
And all I really want to do, is log and automatically block (drop into
/etc/hosts.deny) any IPs that try to port scan or probe the box.
Any thoughts anyone?
Cheers and Thanks in advance,
--
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Scott Fraser Myra Systems Corp.
sfraser at myra.com http://www.myra.com/
voice: 250.381.1335 ext:163 488A Bay Street
fax: 250.381.1304 Victoria, BC
cell: 250.514.4765 V8T 5H2
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
More information about the SunHELP
mailing list