I recently installed Snort along with Apache and MySQL. I'm relative new to intrusion detection as you may know from the following. My concern: I see a large number of connection made by apache.exe as well as mysql.exe. Just how many? Nearly 30 for apache.exe and even more for mysql.exe. My question: does this sound about right or should there be more? (of course I'm being cynical) What are some security concerns involved in leaving so many ports open? Is there a drawback in running the pig and its cohorts? (This obviously sounds ironic considering that IDS is suppose to help protect your system). Thx in advance.