What is Snort?

Snort is an open-source network intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more, including policy compliance.

Snort uses a flexible rules language to describe traffic that it should collect or pass, together with a detection engine built on a modular plugin architecture. Snort also has a real-time alerting capability.

“The open-source community produces a number of tools with useful functionality, but rarely does it produce an app that exceeds the features and ease of use of commercial counterparts.

Snort is the rare exception. Not only is the network-based IDS competitive, but often better than commercial IDSes. Almost by happenstance, Martin Roesch created an eloquent IDS, winning enthusiastic support from the open-source community, which supports Snort with attack signatures -- often before the commercial vendors can analyze a new threat.

Since its first release in 1998, Snort has become the lingua franca of the IDS world. Its "rules" are supported by most major commercial IDS solutions, including Enterasys Networks' Dragon, Internet Security Systems' RealSecure, Intrusion Inc.'s SecureNet and Symantec's ManHunt.”

-Excerpt from Information Security December 2003 issue

 

