Intrusion detection: what's out there, what is good?
I am currently running Portsentry on a CentOS 4 server. I have had several weeks of scans on port 445; someone must think Microsoft is in there somewhere. I am considering Snort 2.1 in place of Portsentry on all servers.
The problem.... before I leap I would like to know if there is an IDS that is better than Portsentry or Snort. Portsentry was my choice years ago, simply because the author of "Securing and Optimizing Linux" used it and detailed the setup.
__________________
"The future is here. It's just not evenly distributed."