RE: intrusion detection

Just wanted to add a word of appreciation for pftop.
Since I have a transparent bridge (which I didn't want to give an interface
to), I just loaded Can's pftop package via floppy (14K) and it runs nicely.
Not only is it great for looking at what people are doing on your network
(well, I have 3000 connections so the order and view features are nice on a
strict 80 x 24 screen), but I found the rules and labels views to be
extremely helpful for looking through and cleaning up my rules.
Again, thanks. I'm looking forward to our campus security symposium where I
get to demonstrate the use of pf against all these other high-priced vendor
products (Cisco PIX, SonicWall, etc.). In a meeting, Network operations here
at UC Davis told us it would cost $14,000 for a PIX to firewall a subnet; I
laughed and explained how I'd already done it with a Pentium 200. They were
a bit stunned ....
I've helped about 10 other departments so far use OpenBSD firewalls, and NOC
is at a bit of a loss to explain how these firewalls keep sprouting up
instead of their high-priced solutions. ;-)
I'm looking over Daniel's pfstat for my NAT box, which does have an
