[Snort-users] combination of snort & ipchains

Philipp Snizek mailinglists at ...1153...
Tue Jan 16 10:18:04 EST 2001


Dear list members,

If I do a portscan using nmap, my ipchains log the scan with a lot of DENY
messages. But Snort does not log anything. If something occurs that is
allowed by ipchains (e.g. ping-pong), it is logged by Snort.

Since I'm new to IDS, do I only have to control ports that are left open by
the packet filter, or is it possible to have Snort controlling all (1 -
65535) ports BEFORE packets hit the deny rules of ipchains?

TIA
Philipp




