RE: Snort and portsentry on same host ?

["Martijn Heemels" <martijn () heemels com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > > Hi there, does anyone know if Snort and Portsentry (in advanced
> > >  mode) are able to run concurrently
> > > on the same host (and nic).
> >
> > Yes, i'm running it that way. They appear to function fine
> > together... each doing it's own thing...
> > If you're letting Portsentry adjust your ipchains/iptables rules
> > you will of course no longer see the traffic from the host you're
> > blocking, since it'll be impossible for that host to set up a TCP
> > connection to your host.
>
> So what iptables blocks (drop), Snort will not se. I just thought 
> that Snort was first in line.
There have been many discussions on this subject on the list. You
might want to check the archives.
> By the way, do you know if it's possible to have Snort execute an 
> iptables command (just
> like Portsentry can do), when a condition it met.

I've never tried it myself, but I believe you can use FlexResp to do
this. You can at least send a reset packet to stop a connection.

Greets, Martijn

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPBiYcRLMC0rbivl4EQLgAwCgulNakuAiejAUMz6g/0p0UxirHdwAoNVq
g2nbcVOqJKJZbMOWi36tUVqg
=z1DI
-----END PGP SIGNATURE-----


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users