Yes, but he might refer it to someone else who works with business development (relationships between Untangle and others). Dirk is the right person to either handle it or get it handled.
This space reserved for profound thought.....which does happen on occasion."
Another great feature that would be absolutely easy to implement, and would please a lot of people : make the SMTP port that is being used configurable. Right now, the SPAM blocker, the PHISH blocker and the virus blocker have the ability to check SMTP traffic, but only SMTP traffic on port 25. Many people have their SMTP come in on another port (security or ISP that blocks port 25). This SMTP traffic on alternate ports passes al the mentioned modules unchecked. Why not make a small configuration page in the network section where you can indicate the alternate SMTP port ?
So is a kind-of-snort engine or just extra VERY GOOD snort rules? if the later, it will be really easy to include in Untangle.Originally Posted by greyman
From skimming through the information provided on their site it looks like it uses an augmented snort engine. This coupled with the resources mentioned for system requirements gives (1 GB RAM) gives me the feeling it might not be real light.
Here is a commercial version of the same type of application http://www.damballa.com
But I do like the idea of consideration for it to be added to UT.
--------------------------------
Juan Machado
--------------------------------
A lighter engine isn't going to be as thorough in this case. The 1gb is more for the java than the snort.
This does look interesting...
I remember reading about similar groups writing extended snort rules for catching botnets and other malware phoning home.
Yes, for example (of course this one doesn't have to be related to a BOT):
alert udp any any -> any 69 (msg:"TFTP GET nc.exe"; content: "|0001|"; offset:0; depth:2; content:"nc.exe"; offset:2; nocase; classtype:successful-admin; sid:1441; rev:2
but ... you don't really want any person or device trying to download NC.exe, if you know what I mean...
If interested, you can read more at http://www.giac.org/certified_profes.../gsec/4095.php
--------------------------------
Juan Machado
--------------------------------
What about this ?
http://www.bleedingsnort.com/bleeding-all.rules
http://www.bleedingthreats.net/rules/
This sounds like a good idea .. what do you guys think ?
--------------------------------
Juan Machado
--------------------------------
have them email me dmorris@untangle.com
the license is not open source so we can't include it without their permission.
if its just a set of snort rules i'm not sure it would fit so well inside IPS, unless the rules just use application layer matchers.
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
www.bleedingthreats.net ...sounds like the sort of site I usually have to add to the web filter
It may sounds like but ... it is not..www.bleedingthreats.net ...sounds like the sort of site I usually have to add to the web filter
--------------------------------
Juan Machado
--------------------------------
Posting Permissions
LinkBack URL
About LinkBacks