Intrusion detection is a vital part of any firewall, it’s

all very well to block traffic, but how do you know what is being blocked and

what is going through on your open service ports (SMTP, IMAP, DNS etc)?  Snort is

the most popular Intrusion Detection system around.  It’s offered as an open source project, with

a subscription available offering enhanced rules libraries.  Snort is highly configurable, with various

plug-ins for download.  Quite a few

commercial firewalls run snort under a custom web interface (look

here)!  The documentation is good and

I have compiled this on both OpenBSD and SuSe Enterprise 9 without problems.  Is anyone else using Snort, how are you

finding it?