[Snort-users] Portsentry and Snort

Bob Staaf rstaaf at ...1457...
Wed Mar 7 09:07:32 EST 2001


Hello all,

     Is anyone out there running Snort and Portsentry together?  The problem
I am having is that Portsentry blocks port scans before Snort can even see
them.  I wouldn't mind it so much if I didn't have 3 other servers and
various network devices that I would also like to be able to monitor.  I
would like to get a sense of what the rest of you are using to secure your
Linux servers.  I have dabbled with setting up an ipchains firewall in the
past, but am not sure whether I will get the same results in that it will
block scans before Snort can see them.  This server has dual NICs and one
thought I had would be to run Snort on one of the NICs without an IP address
and possibly a receive-only cable and run Portsentry on the other NIC with
an IP address.  Do any of you see any potential security problems with such
a configuration?

Any advice here would be greatly appreciated!

Thanks

Bob




