[Snort-users] combination of snort & ipchains

Fyodor fygrave at ...121...
Tue Jan 16 10:47:07 EST 2001

On Tue, Jan 16, 2001 at 04:18:04PM +0100, Philipp Snizek wrote:
> Dear list members,
> If I do a portscan using nmap, my ipchains log the scan with a lot of DENY
> messages. But Snort does not log anything. If something occurs that is
> allowed by ipchains (e.g. ping-pong), it is logged by snort.
> Since I'm new to IDS, do I only have to control ports that are left open by
> the packet filter, or is it possible to have Snort controlling all (1 -
> 65535) ports BEFORE packets hit the deny rules of ipchains?

hmm.. maybe a new linux kernel `feature`(?), what libpcap/linux kernel version are you using?

