M
Mel
What is Snort?
==============
Snort is an open source network intrusion prevention system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS
fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should
collect or pass, as well as a detection engine that utilizes a modular
plugin architecture. Snort has a real-time alerting capability as well,
incorporating alerting mechanisms for syslog, a user specified file, a
UNIX socket, or WinPopup messages to Windows clients using Samba's
smbclient.
Snort has three primary uses. It can be used as a straight packet
sniffer like tcpdump(1), a packet logger (useful for network traffic
debugging, etc), or as a full blown network intrusion prevention system.
http://www.snort.org/
About Snort
===========
In 1998, Martin Roesch wrote an open source technology called Snort,
which he termed a "lightweight" intrusion detection technology in
comparison to commercially available systems. Today that moniker doesn't
even begin to describe the capabilities that Snort brings to the table
as the most widely deployed intrusion prevention technology worldwide.
Over the years Snort has evolved into a mature, feature rich technology
that has become the de facto standard in intrusion detection and
prevention. Recent advances in both the rules language and detection
capabilities offer the most flexible and accurate threat detection
available, making Snort the "heavyweight" champion of intrusion
prevention.
==============
Snort is an open source network intrusion prevention system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS
fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should
collect or pass, as well as a detection engine that utilizes a modular
plugin architecture. Snort has a real-time alerting capability as well,
incorporating alerting mechanisms for syslog, a user specified file, a
UNIX socket, or WinPopup messages to Windows clients using Samba's
smbclient.
Snort has three primary uses. It can be used as a straight packet
sniffer like tcpdump(1), a packet logger (useful for network traffic
debugging, etc), or as a full blown network intrusion prevention system.
http://www.snort.org/
About Snort
===========
In 1998, Martin Roesch wrote an open source technology called Snort,
which he termed a "lightweight" intrusion detection technology in
comparison to commercially available systems. Today that moniker doesn't
even begin to describe the capabilities that Snort brings to the table
as the most widely deployed intrusion prevention technology worldwide.
Over the years Snort has evolved into a mature, feature rich technology
that has become the de facto standard in intrusion detection and
prevention. Recent advances in both the rules language and detection
capabilities offer the most flexible and accurate threat detection
available, making Snort the "heavyweight" champion of intrusion
prevention.