Looking for a robust IPS/firewall/router
Has anyone used Nessus and Nexpose to test the vulnerabilities in the many open sourced UTMs available? I want to find out which catches the most attacks and blocks them.
I'm currently looking at Untangle, Astero, Pfsense, Smoothwall, and Endian.
Older posts suggests untangle is poor at intrusion detection.
I'm running Astaro at home, Untangle in some offices, neither of those distro's have triggered the ips modules in over a year, except once, when an Untangle box triggered on a web request from a client 3 times in succession.
The reality is that these ips' are behind the packet filters and nat, and so any probes or exploits are generally dropped before the ips has a chance to see them and trigger.
I have verified the lack of active exploits within networks with active snort installations set up with the latest defs and emerging threats.
The only way I see to test is to set up a box with an allow all any direction for a packet filter and nat rule, and then see what happens, I haven't had the time.
If you are behind another router/firewall (bridge mode) its highly possible ther is not any attack crossing Untangle.
Posting Permissions
LinkBack URL
About LinkBacks