Many people on this list, including Jason O., are masters at creating very detailed, careful iptables rules that DROP packets that have anything peculiar about them (e.g. FIN without ACK, etc.). My iptables script just filters based on port number and protocol.

I was wondering whether, instead of diving into TCP education to duplicate the fine work Jason and others have done, an IDS (Intrusion Detection System) like Snort would serve the same purpose??? I assume Snort **ALSO** knows what TCP flag combos typically signify a port scan and other nasties?

Chris

--
_______________________________________
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872 49258 Mills Street, Room 158
San Diego, CA 92152-5385 U.S.A.
Phone: (619) 553-9973
Fax : (619) 553-6521
Email: seberino@xxxxxxxxxxxxxxx
_______________________________________
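The "peculiar flag combination" rules the post refers to all rest on one iptables primitive, `-p tcp --tcp-flags MASK COMP`: the packet's TCP flags are ANDed with MASK and the result must equal COMP. That is what lets a rule express "FIN set but ACK clear" instead of merely "FIN set", so a normal FIN/ACK close is untouched while a bare FIN probe is dropped. The following Python model of that match is an added example, not code from the post, from Jason O.'s rules, or from the iptables project; the rule names, the rule table (NULL, XMAS, SYN+FIN, SYN+RST, FIN-without-ACK) and the sample packets are constructed here for illustration, and the generated rule lines are the text form such a filter would take.

```python
"""Model of iptables' `-p tcp --tcp-flags MASK COMP` match.

Added example (not from the original mailing-list post).  The matcher ANDs
the packet's TCP flags with MASK and compares the result to COMP; the rule
table below lists flag combinations that are commonly DROPped as peculiar.
Rule names and sample packets are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, Optional

# Bit values of the six classic TCP flags as they sit in the header byte.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = 0x3F   # what iptables' ALL keyword expands to for these six flags


def flags_to_int(names: Iterable[str]) -> int:
    """Turn a list like ["FIN", "ACK"] into the header bit pattern."""
    value = 0
    for n in names:
        value |= FLAG_BITS[n.upper()]
    return value


def int_to_names(value: int) -> str:
    """Render a bit pattern the way iptables writes it (ALL / NONE / list)."""
    if value == ALL:
        return "ALL"
    if value == 0:
        return "NONE"
    return ",".join(n for n, bit in FLAG_BITS.items() if value & bit)


@dataclass(frozen=True)
class TcpFlagsRule:
    name: str   # constructed label for this example
    mask: int   # flags that are examined
    comp: int   # value those examined flags must have for the rule to match

    def matches(self, packet_flags: int) -> bool:
        # iptables semantics: (flags & mask) == comp
        return (packet_flags & self.mask) == self.comp

    def iptables_rule(self, chain: str = "INPUT") -> str:
        return (f"iptables -A {chain} -p tcp --tcp-flags "
                f"{int_to_names(self.mask)} {int_to_names(self.comp)} -j DROP")


# Order matters for classify(): more specific patterns first.
PECULIAR_FLAG_RULES = [
    TcpFlagsRule("null-scan", ALL, 0),
    TcpFlagsRule("xmas-scan", ALL, flags_to_int(["FIN", "PSH", "URG"])),
    TcpFlagsRule("syn-fin", flags_to_int(["SYN", "FIN"]), flags_to_int(["SYN", "FIN"])),
    TcpFlagsRule("syn-rst", flags_to_int(["SYN", "RST"]), flags_to_int(["SYN", "RST"])),
    # "FIN without ACK": examine FIN and ACK, require exactly FIN to be set.
    TcpFlagsRule("fin-without-ack", flags_to_int(["FIN", "ACK"]), flags_to_int(["FIN"])),
]


def classify(packet_flags: int) -> Optional[str]:
    """Name of the first rule that would DROP this packet, or None if it passes."""
    for rule in PECULIAR_FLAG_RULES:
        if rule.matches(packet_flags):
            return rule.name
    return None


def ruleset_script(chain: str = "INPUT") -> str:
    """The rule table rendered as an iptables script fragment."""
    return "\n".join(r.iptables_rule(chain) for r in PECULIAR_FLAG_RULES)


if __name__ == "__main__":
    # Constructed sample packets: a normal handshake and close, plus scan probes.
    samples = {
        "client SYN": ["SYN"],
        "server SYN/ACK": ["SYN", "ACK"],
        "normal FIN/ACK close": ["FIN", "ACK"],
        "bare FIN probe": ["FIN"],
        "NULL probe": [],
        "XMAS probe": ["FIN", "PSH", "URG"],
    }
    for label, names in samples.items():
        bits = flags_to_int(names)
        verdict = classify(bits) or "accepted by these rules"
        print(f"{label:22s} {int_to_names(bits):12s} -> {verdict}")
    print()
    print(ruleset_script())
```

Two points the model makes visible: the mask/compare pair is what keeps legitimate FIN/ACK and SYN/ACK traffic out of the DROP rules, and rule order decides which name a packet gets when several patterns overlap (an XMAS probe also satisfies FIN-without-ACK). On a kernel with connection tracking, a single `-m conntrack --ctstate INVALID -j DROP` rule catches much of the same out-of-state traffic, so flag rules like these are usually layered on top of that rather than used instead of it.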