[Snort-users] newbie questions

Fiona Whelan fiona.whelan at ...1697...
Thu Mar 29 19:17:04 EST 2001

Hello list,

I tried posting this earlier without much luck. 
I am new to snort and have a couple of questions:

1. I used to use Portsentry as my Intrusion Detection System. Then I 
was told how amateurish portsentry was and that I should switch to 
snort. My question is: how do I get snort to do the same as 
portsentry did, i.e. watch ports, and if an attack on a port is 
suspected, block the offending IP address?
2. Does the above mean that I would have to leave eth0 in promiscuous 
mode? My Linux box is on a LAN with lots of different users and no 
one would like to think that one of the boxes was in promisc mode 
because they might think that that person was trying to sniff their 
passwords, etc... particularly if they were hacked.

Thanks for help with the above,

