[Snort-users] Portsentry and Snort
rstaaf at ...1457...
Wed Mar 7 09:07:32 EST 2001
Is anyone out there running Snort and Portsentry together? The problem
I am having is that Portsentry blocks port scans before Snort can even see
them. I wouldn't mind it so much if I didn't have 3 other servers and
various network devices that I would also like to be able to monitor. I
would like to get a sense what the rest of you are using to secure your
Linux servers? I have dabbled with setting up an ipchains firewall in the
past but, am not sure whether I will get the same results in that it will
block scans before Snort can see them. This server has dual nics and one
thought I had would be to run snort on one of the nics without an IP address
and possibly a receive only cable and run Portsentry on the other nic with
an IP address. Do any of you see any potential security problems with such
Any advice here would be greatly appreciated!
More information about the Snort-users