[Firewall] IDS Functionality

Gene Cooper gcooper at sonoracomm.com
Fri Feb 14 16:14:09 CET 2014


Hi All,

I hope this isn't a stupid question or one that's been answered already...

I am in the process of upgrading a hosting platform to new hardware in a new 
datacenter.  Basically, I'm talking about Virtualmin on CentOS 6 bastion 
hosts (no forwarding).

Last year, I had terrible problems with botnets.  Still do.  I had to get 
really ugly by making Apache throw errors at specific (rather benign) URLs 
and then using Fail2Ban to firewall off the IP addresses at the very first 
error.  I had to add RAM and CPU and I still ended up with an 
under-performing web/mail server with many thousands of DROP rules.  It was 
NOT fun and I had to spend too much time configuring a less than perfect 
solution.

So, now that I'm upgrading, I wanted to ask if you all know of a better 
solution?  Is there any easy-to-integrate-with-AFW IDS?

Suggestions?

Thanks,

G

-- 

===========================
Gene Cooper
Sonora Communications, Inc.
1215 E. Pennsylvania Street
Tucson, AZ 85714

(520)407-2000 x101
(520)888-4060 fax
