[Snort-users] Portsentry and Snort

Ralf Hildebrandt Ralf.Hildebrandt at ...821...
Wed Mar 7 09:42:45 EST 2001


On Wed, Mar 07, 2001 at 09:07:32AM -0500, Bob Staaf wrote:

> Is anyone out there running Snort and Portsentry together?  The problem
> I am having is that Portsentry blocks port scans before Snort can even see
> them.

Frankly, I'd say portsentry is crap. If you really insist on adding "drop"
routes for IPs offending your server, you can do that with snort (at least
I think one can execute programs as a response to triggering of a rule).

> I have dabbled with setting up an ipchains firewall in the
> past, but am not sure whether I will get the same results in that it will
> block scans before Snort can see them.

Nope.

-- 
ralf.hildebrandt at ...821...
System Engineer                                            innominate AG
Diplom-Informatiker                                 the linux architects
tel: +49.30.308806-62  fax: -698                      www.innominate.com