Re: Snort and Portsentry ...

[Paul Schmehl <pauls () utdallas edu>]

On Sat, 2003-07-26 at 03:37, Valics Lehel wrote:
> Hi all,
>
> I'm new on SNORT, I used until today PSIONIC products, but I saw that was
> aquired by CISCO, so I think no updates will be avaible.
> I heard that SNORT can do things like PORTSENTRY AND LOGSENTRY (correct
> someone if I'm wrong), but still I'm confusing on some things.

Actually, Craig is still maintaining the software.  It's now a
sourceforge project.
http://sourceforge.net/projects/sentrytools/
> I installed SNORT, working now (it seems after 3 hours of running) and also
> ACID ..
> Now what I'm not sure that I still need to use PORTSENTRY for blocking
> attackes or SNORT will do this?

Snort will not block attacks by itself.  You have to use addon programs
to do that.  For what you want, the sentry programs are probably a much
better choice.  Snort is an enterprise capable intrusion detection
system.  It will work as a host-based system, but that's not what it's
designed for.  The Sentry tools are specifically designed to be
host-based.  I use them on every host that I control.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users