Ruprecht
How is the alertmessaging by using snort?
Umm.... not quite sure that I can answer this in the way that you might expect :) Snort *can* be extremely good at detecting traffic across your own network interface. You can detect things that you didn't know about. For example I recently detected a mis-configured SSL installation which was supposed to pass an encrypted session over the net from the U.S. to England. Turns out that some important part of the info wasn't encrypted and snort showed this to me. It can do many things that other software cannot. However, there is a lot of academic argument over the fact that snort - like most other security software - can be compromised. I've discussed this with the OpenBSD people as well as quite a few Linux people. When it works in the way that it should it is quite reliable :) It does give out some good alerts depending on the command line argument that you use to start it. -- Richard www.sheflug.co.uk