Hi Varun,

Snort, iplog and portsentry are different tools for different purposes:

- Snort: full-blown network IDS. Snoops packets on the ethernet and takes actions if it finds packets matching user-specified rules. Actions could include logging the connection, alerting an administrator, resetting the connection, etc.
- Iplog: Only an IP packet logger for a single host. Does not do anything except logging. Is smart, so stops logging if it detects a flood.
- Portsentry: Watches specific ports on your (single) server and takes appropriate action if activity is detected on them. Usually used to block hosts which try to hit unauthorised ports (e.g. 31337, 139, etc).

Hope that makes things clearer.

Regards,

-- Raju

>>>>> "Varun" == Varun Varma <[EMAIL PROTECTED]> writes:

Varun> Hi! Snort is a tool (http://www.snort.org) that provides
Varun> IDS functionality, pretty much like iplog. This seems a bit
Varun> fancier though - experimental built-in route deletion
Varun> etc. Claim to fame - made it to a Gartner Group Report on
Varun> IDSs, along with Cisco et al. You can see the link to the
Varun> report somewhere near the bottom of the homepage.

Varun> Anyone tried it? How does it stack up against iplog and/or
Varun> portsentry?

-- 
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves

================================================
To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header
To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header
Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org
=================================================