We have been using Snort for quite a long time for our work. It's a good IDS, but since it works on signatures, you need to update and maintain your signature files for optimum performance (drawback). If you are aware of false positive, true negative issues then you would understand this more clearly.
Also if anybody knows a Linux-based open source IPS (Intrusion Prevention System) ...
About iptables: it is just a packet filtering firewall and would not do any intrusion detection or prevention; it's just going to log, drop or accept packets depending upon your network policies. You have a tool called "firestarter" available on www.sourceforge.net which can be used even by a novice for configuring an iptables firewall.
iptables ?
As far as I know you can use an iptables and Snort combination for a good network defence in Linux. iptables can be used on the router or on the gateway, and Snort can be fixed inside the network after iptables.
--
Gautam Pagedar
Centre for information and Network Security.
