IDP/IDS question / suggestion
We recently had a FW hardware failure and I replaced it with a basic ubunutu server running iptables and it seems to be working well. One of our sites came under a denial of service attack and I am looking at an IDP type solution and wondering about snort. Can I run this app (or another that people can suggest) on the firewall and/or is it recommended?
The box is sitting pretty idle, so not sure on what resources but I am going to start reading up, but thought someone might already have done this and thumbs up it, or says not to, or suggests otherwise.
Thanks
|