> It is the first time I have read anything negative about portsentry.

While a lot of what the author is saying is true, portsentry and snort are two quite different things. Really the only thing they have in common is that they are designed to improve the security of your network/server.

Portsentry is a very simple dynamic firewall. Dynamic firewalls have their uses, but I certainly wouldn't run them on a production server for an ISP (too prone to blocking the wrong thing), but for my personal machine it's great. It keeps morons away by letting them think that they've crashed my machine so they can laugh and move on. For example, I was just at defcon (big hacker conference). Someone nmap'd my home server from the defcon network and it was immediately invisible to the defcon network. In my mind this is a good thing.

Snort is a network intrusion detection system. This is a much more complicated and full-featured beast. Snort does stateful (I think?) inspection of all network traffic by putting its NIC into promiscuous mode. It is not designed to take action when it sees something "bad"; it's designed to report on it and allow you to analyse what sort of traffic is occurring on your network. This is great for corporate networks where you are always worried about someone attacking your firewall or getting in behind your firewall.

They are both great pieces of software, but they serve different purposes.

adam.