Well... That will depend on the kind of rules your are running, i.e. "pass", "log" , and "alert" rules, and how you start the snort daemon. I am running snort with pmfirewall but do not want or feel the need for portsentry. In "theory", once portsentry makes an entry to '/etc/hosts.deny" you should be safe from intrusion but do watch out for outside IP addresses that get added to the "/etc/hosts.deny" file that you might need to hear from. Snort is working very nicely for me, and it is an essential part of my security for a linux-mandrake 7.2 server. There is a better place for snort questions on the snort mailing list. Check out http://www.snort.org Enjoy, Craig Woods UNIX SA ---------- Forwarded Message ---------- Subject: [Fwd: [expert] Snort and portsentry...] Date: Thu, 28 Jun 2001 14:01:11 -0500 From: Craig Woods <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] -------- Original Message -------- Subject: [expert] Snort and portsentry... Date: Fri, 29 Jun 2001 02:22:12 +0800 From: "Franki" <[EMAIL PROTECTED]> Reply-To: <[EMAIL PROTECTED]> To: "Linux Mandrake Expert Mailing List" <[EMAIL PROTECTED]> Hi all, I have a server with a very customised version of pmfirewall and portsentry... now I have just downloaded snort.. built and installed it.. now I am wondering if it will conflict with portsentry... or will portsentry block it?? anyone know about this?? any suggestions would be much appreciated. regards Frank -------------------------------------------------------
