On Fri, 4 Feb 2005 at 00:03, seberino@xxxxxxxxxxxxxxx wrote:
> Many people on this list including Jason O. are masters
> at creating very detailed careful iptables rules that
> DROP packets that have anything peculiar about them.
>
> (e.g. FIN without ACK, etc.)
>
> My iptables script just filters based on port
> number and protocol. I was wondering if instead
> of diving into TCP education to duplicate the
> fine work Jason and others have done,
> if an IDS (Intrusion Detection System)
> like Snort would serve the same purpose???
>
> I assume Snort **ALSO** knows what TCP flag combos
> typically signify a port scan and other nasties?
>
> Chris
>
> --
> _______________________________________
>
> Christian Seberino, Ph.D.
> SPAWAR Systems Center San Diego
> Code 2872
> 49258 Mills Street, Room 158
> San Diego, CA 92152-5385
> U.S.A.
>
> Phone: (619) 553-9973
> Fax : (619) 553-6521
> Email: seberino@xxxxxxxxxxxxxxx
> _______________________________________

Your problem is dead easy to solve. You *need* a firewall and *also* an IDS/IPS. Don't try to substitute one thing for the other; they are different things and both are useful.

Regards.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx

bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
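The "FIN without ACK" style of rule the question refers to is iptables' `--tcp-flags MASK COMP` match: only the bits named in MASK are examined, and they must equal COMP exactly. The block below is an added example (not code from either poster, from Jason O.'s rule set, or from the Snort project) that implements that same match in Python over a constructed raw TCP header, lists the flag combinations no conforming TCP stack ever emits, and renders each one as the iptables command it stands for. The set of combinations, the labels, and `build_tcp_header` are choices made for this illustration, not anything the thread specifies.

```python
import struct

# TCP flag bits as they appear in the low six bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL = FIN | SYN | RST | PSH | ACK | URG
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

# (label, mask, comp) with the semantics of `iptables ... --tcp-flags mask comp`:
# only the bits in `mask` are examined, and they must equal `comp` exactly.
# Illustrative selection of combinations a conforming stack never sends.
# Order matters: the first matching entry wins, as it would in a chain.
BOGUS_COMBOS = [
    ("null scan (no flags)", ALL,       0),
    ("xmas scan",            ALL,       FIN | PSH | URG),
    ("all flags set",        ALL,       ALL),
    ("SYN+FIN",              SYN | FIN, SYN | FIN),
    ("SYN+RST",              SYN | RST, SYN | RST),
    ("FIN without ACK",      FIN | ACK, FIN),
    ("PSH without ACK",      PSH | ACK, PSH),
    ("URG without ACK",      URG | ACK, URG),
]


def tcp_flags_match(flags, mask, comp):
    """Exactly what --tcp-flags does: compare the masked bits with comp."""
    return (flags & mask) == comp


def classify(flags):
    """Label of the first bogus combination the flags hit, or None if clean."""
    for label, mask, comp in BOGUS_COMBOS:
        if tcp_flags_match(flags, mask, comp):
            return label
    return None


def flags_from_tcp_header(hdr):
    """Byte 13 of a TCP header; the top two bits (ECE/CWR) are ignored here."""
    return hdr[13] & 0x3F


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=8192):
    """Constructed 20-byte TCP header (checksum left zero): sample input only."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags, window, 0, 0)


def flag_list(bits):
    """Render a bit set the way iptables spells it (ALL, NONE, or FIN,ACK)."""
    if bits == ALL:
        return "ALL"
    if bits == 0:
        return "NONE"
    return ",".join(name for bit, name in FLAG_NAMES.items() if bits & bit)


def iptables_rules(chain="INPUT"):
    """The iptables commands equivalent to BOGUS_COMBOS, in chain order."""
    return [
        f"iptables -A {chain} -p tcp --tcp-flags {flag_list(mask)} {flag_list(comp)} -j DROP"
        for _, mask, comp in BOGUS_COMBOS
    ]


if __name__ == "__main__":
    # Constructed sample packets: a FIN probe, a normal SYN, a normal FIN/ACK.
    for name, flags in (("FIN probe", FIN), ("SYN", SYN), ("FIN/ACK", FIN | ACK)):
        verdict = classify(flags_from_tcp_header(build_tcp_header(40000, 22, flags)))
        print(f"{name:9s} -> {'DROP: ' + verdict if verdict else 'pass'}")
    print("\n".join(iptables_rules()))
```

Two caveats. First, every rule above decides on one packet in isolation; what it cannot express is "this source has touched two hundred ports in a second", which is the per-host, over-time view an IDS such as Snort adds, and is why the reply insists on having both. Second, on a kernel with connection tracking, `-m conntrack --ctstate INVALID -j DROP` early in the chain already discards many of these segments, so the explicit flag rules are best read as a stateless backstop rather than the whole defence.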