[TCLUG] intrusion detector

Tue Feb 5 16:29:53 CST 2002

----- Original Message -----
From: "Shawn Fertch" <fertch at mninter.net>
To: <tclug-list at mn-linux.org>
Sent: Tuesday, February 05, 2002 12:40 PM
Subject: Re: [TCLUG] intrusion detector

>
> Jay,
>   Aside from smoothwall, what other firewall would you recommend?
> Everything that I seem to be reading about Smoothwall is turning it sour.
> It's still at the 2.2 kernel, and I'd like to move up to the 2.4 kernel.
> I tried to build my own firewall, however, I lacked the time to really
> devote to a project of that tasking.
>
> Shawn

I have been using BBIagent (www.bbiagent.net) for over a month, I started on
a P100 but have since moved it to a 486/100.  It is the 2.4 kernel, floppy
based.  Very easy to configure.  I wrote up a review about a month ago,
after Ben mentioned it. Here it is:
Ben,

Thanks for the link (http://www.bbiagent.net/en/index.html) for the floppy
based firewall.  My Christmas project (one of several) was to replace my NT
based firewall and this one did very nicely.  The script based download is
nice, but if you are going to use ISA based NICs, make sure you know the IRQ
and I/O address, even though they say it can probe, that only works on PCI
NICs.  The administration is simple and the support via e-mail is amazing.
The doco's are pretty thin, so when I sent an e-mail on the evening of the
23rd, I expected to hear sometime today or tomorrow.  They replied within 2
hours!

The only complaint I have is that it doesn't remember the port forwarding
rules or special port blocking on reboot (or if it does, I haven't figured
it out yet).  It boots very nicely headless and all the admin is via a Java
enabled browser on the local network --can't use Konqueror :(  It is not
https, so if that is a concern to anybody, don't use this one.  It does DNS
proxy and can be a DHCP server for the local network (I use static, so
didn't try it).  I am using it with RoadRunner cable and it had no problems
getting the IP info.  It even tells the length of the lease and renewal
time.

It will run on anything 386 or better with 8 MB of RAM, but I am running it
on a P100 with shared video memory, so it is actually running on 7 MB and
according to the stats it still has 400 KB free.  I am tempted to dig out
that 386 I have lying around, just to see if it will work, but I don't think
I have enough memory in it :)

It seems to perform well, I only have a 5 node network, but my son does some
heavy downloading, and it seemed to hold up under the load.