Very cool. Perhaps I'll be brave and allow it to block those IPs. Any way to send the Snort alerts to a syslog? I'd like to analyze them.
- Jason -----Original Message----- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 9:52 AM To: [email protected] Subject: RE: [pfSense-discussion] IDS yet? No, it sees everything. For example running at my WAN though nearly everything is blocked it detects portscans too and will block this IP (if enabled) so it can't start a bruteforce against my open ports. If you are lucky it will even block the intruder before it reaches open ports on your system for example :-) Holger > -----Original Message----- > From: Jason J. Ellingson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 04, 2006 3:58 PM > To: [email protected] > Subject: RE: [pfSense-discussion] IDS yet? > > > So far, I like the new Snort package. Very nice and easy to set up. > You have my praises! > > If I am correct, the Snort package only sees traffic that was not > blocked by firewall rules? > > - Jason >
