Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Is Snort the right tool for the job?

    IDS/IPS
    1
    1
    595
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rkelleyrtp last edited by

      Greetings all,

      Looking for some advice.  I am running pfSense 2.2.6 on a data center firewall protecting our hosted web servers.  Recently, we have been asked to allow SFTP connectivity to these servers for remote file management.  To that end, I have created some NAT connections on the WAN side pointing to some of the internal servers.  For example, I have a NAT rule redirecting external port 41250 to an internal host on port 32001 (SFTP server running on non-standard port).  So far, so good.

      I now need a way to protect the NAT connections from DDOS/abusers in the wild.  Essentially, I need a tool that will watch for incoming connections on a range of ports (ie: 41250-42250) and block remote IPs if we get excessive traffic (ie: 5 connection attempts in 10seconds).  These could be temporary or permanent depending on how many failures occur during a given time period.  I could do something similar with iptables and fail2ban, but I want these connections terminated as close to the firewall as possible.

      After doing some research, it appears Snort might be the tool for the job.  Thus, my questions:

      • Is Snort the right tool for the job?  If not, which tool would work best under pfSense?

      • Assuming Snort is the right tool, what kind of custom rule(s) need to be created to make this happen?  An example would be great.

      Thanks in advance…

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy