[Snort-users] combination of snort & ipchains
mailinglists at ...1153...
Tue Jan 16 10:18:04 EST 2001
Dear list members,
If I do a portscan using nmap, my ipchains log the scan with a lot of DENY
messages. But Snort does not log anything. If something occurs that is
allowed by ipchains (e.g. ping-pong), it is logged by snort.
Since I'm new to IDS, do I only have to control ports that are left open by
the packet filter, or is it possible to have Snort controlling all (1 -
65535) ports BEFORE packets hit the deny rules of ipchains?
More information about the Snort-users