Date: Tue, 25 Mar 2003 14:18:24 -0500 (EST)
From: "Nigel Houghton"
Reply-To: nigel.houghton@sourcefire.com
To: GiZmen
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: your mail
In-Reply-To: <20030325190131.GA3776@blurp.one.pl>
References: <20030325190131.GA3776@blurp.one.pl>

First URL is getting old, but is still pretty valid with useful links on the bottom:

http://people.freebsd.org/~jkb/howto.html

The best place to start with Snort:

http://www.snort.org/docs/

I don't see a real need for portsentry if you are using Snort. Kris mentioned Snort reacting to portscans in his mail; you need to look at enabling flexresponse if you want to do that. There are *many* add-ons available for Snort, check out the Snort web site for details.

You might want to enable ipfw (or some firewall of your choice) and employ the judicious use of rules. Use Snort to monitor the network.

The thing is, it really all depends on your setup: do you use a single host or do you have a small home network, do you serve up web sites or run a mail server, do you require remote access to your hosts or local only? All these things (and many others) have an impact on what you should be looking at to secure your environment. My advice would be to think about what you want to achieve, write down everything you want to do and explore solutions. Google is your friend.

I believe you said:
:
:>
:> > Apples and oranges :)
:> >
:> > In brief:
:> >
:> > Portsentry listens for connections on various ports and can respond to
:> > portscanning attempts.
:> >
:> > Snort is a lightweight IDS that you can use to detect miscreant behaviour
:> > directed at your network.
:> >
:> > Both will generate logs for your perusal.
:> >
:> >
:> > :Hi everyone,
:> > :
:> > :Can anybody write something about these two IDS.
:> > :I don't know which one is better for freebsd 5.0
:> > :I've read something about these programs and I don't know which to choose on my
:> > :freebsd box.
:> > :I heard that snort is recommended software for FBSD, is that true?
:> > :
:> > :Thanks for any suggestions.
:> > :
:> ---end quoted text---
:
: hmm thanks, so it is good to have both of these programs on my box?
:
: Can you write me what other programs you recommend to improve security of my box.
: Maybe you know some articles about that.
:
: thx
:
: --
: Best Regards:
: GiZmen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
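As an added example (not from the thread or from FreeBSD's own rc.firewall), here is an ipfw ruleset along the lines Nigel suggests for a single FreeBSD 5.x host: default deny, stateful allow for the host's own outbound traffic, inbound ssh only from the local LAN, and denied packets logged so the ipfw log can be compared with what Snort sees on the same interface. The interface name fxp0 and the LAN 192.168.1.0/24 are assumptions; run it with "print" to review the rules before loading them.

```shell
#!/bin/sh
# Example ipfw ruleset for a single FreeBSD 5.x host (added example, not from the thread).
# Assumptions: external interface fxp0, local LAN 192.168.1.0/24, sshd on port 22.
# Needs a kernel (or module) with IPFIREWALL and IPFIREWALL_VERBOSE for "log" to work,
# plus firewall_enable="YES" in /etc/rc.conf so the rules survive a reboot.
OIF="${OIF:-fxp0}"
LAN="${LAN:-192.168.1.0/24}"

# Emit the ruleset in the syntax ipfw reads from a rule file (no "ipfw" prefix).
# Rules are matched in number order; the explicit deny at 65000 logs everything
# that earlier rules did not accept, so a portscan shows up in /var/log/security.
gen_rules() {
    cat <<EOF
flush
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 200 check-state
add 210 allow tcp from me to any out via $OIF setup keep-state
add 220 allow udp from me to any out via $OIF keep-state
add 230 allow icmp from any to any icmptypes 0,3,8,11
add 300 allow tcp from $LAN to me 22 in via $OIF setup keep-state
add 400 deny log logamount 500 tcp from any to any in via $OIF setup
add 65000 deny log logamount 500 ip from any to any
EOF
}

# Print the rules when FW_DRYRUN is set; otherwise load them with ipfw -q
# (-q also suppresses the interactive "flush" confirmation).
load_rules() {
    if [ -n "$FW_DRYRUN" ]; then
        gen_rules
    else
        tmp=$(mktemp -t ipfw) || return 1
        gen_rules > "$tmp" && ipfw -q "$tmp"
        rc=$?
        rm -f "$tmp"
        return $rc
    fi
}

# Usage: sh ipfw-host.sh print   (show the rules)  |  sh ipfw-host.sh load   (install them)
case "${1:-}" in
    print) FW_DRYRUN=1; load_rules ;;
    load)  load_rules ;;
esac
```

Rule 400 logs unsolicited inbound SYNs separately from the catch-all so that a scan against closed ports is easy to pick out of the log and cross-check against Snort's portscan alerts.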