Snort mailing list archives
Sv: Snort and portsentry on same host ?
From: "Bo Jacobsen" <subs () systemhouse dk>
Date: Thu, 13 Dec 2001 12:33:29 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Hi there, does anyone know if Snort and Portsentry (in advanced mode) are able to run concurrently on the same host (and nic).Yes, i'm running it that way. They appear to function fine together... each doing it's own thing... If you're letting Portsentry adjust your ipchains/iptables rules you will of course no longer see the traffic from the host you're blocking, since it'll be impossible for that host to set up a TCP connection to your host. Hope this helps, Martijn
So what iptables blocks (drop), Snort will not se. I just thought that Snort was first in line. By the way, do you know if it's possible to have Snort execute an iptables command (just like Portsentry can do), when a condition it met. Thanks Bo bjc () image dk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and portsentry on same host ? Bo Jacobsen, SystemHouse (Dec 12)
- RE: Snort and portsentry on same host ? Martijn Heemels (Dec 12)
- Sv: Snort and portsentry on same host ? Bo Jacobsen (Dec 13)
- RE: Snort and portsentry on same host ? Martijn Heemels (Dec 13)
- RE: Snort and portsentry on same host ? Franki (Dec 19)
- Sv: Snort and portsentry on same host ? Bo Jacobsen (Dec 13)
- RE: Snort and portsentry on same host ? Martijn Heemels (Dec 12)