[Snort-users] newbie questions
fiona.whelan at ...1697...
Thu Mar 29 19:17:04 EST 2001
I tried posting this earlier without much luck.
I am new to snort and have a couple of questions:
1. I used to use Portsentry as my Intrusion Detection System. Then I
was told how amateurish portsentry was and that I should switch to
snort. My question is: how do I get snort to do the same as
portsentry did, i.e. watch ports, and if suspected attack on port,
block the offending IP address?
2. Does the above mean that I would have to leave eth0 in promiscuous
mode? My Linux box is on a LAN with lots of different users and no
one would like to think that one of the boxes was in promisc mode
because they might think that that person was trying to sniff their
passwords, etc... particularly if they were hacked.
Thanks for help with the above,
| I O N A