2010-05-11 15:01:35 +02:00
|
|
|
Snort is an open source network intrusion detection and prevention system. It
|
|
|
|
|
is capable of performing real-time traffic analysis, alerting, blocking and
|
|
|
|
|
packet logging on IP networks. It utilizes a combination of protocol analysis
|
|
|
|
|
and pattern matchingin order to detect a anomalies, misuse and attacks.
|
|
|
|
|
Snort uses a flexible rules language to describe activity that can be considered
|
2010-05-12 17:44:12 +02:00
|
|
|
malicious or anomalous as well as an analysis engine that incorporates a modular
|
|
|
|
|
plugin architecture. Snort is capable of detecting and responding in real-time,
|
2010-05-11 15:01:35 +02:00
|
|
|
sending alerts, performing session sniping, logging packets, or dropping
|
|
|
|
|
sessions/packets when deployed in-line.
|
|
|
|
|
|
|
|
|
|
Snort has three primary functional modes. It can be used as a packet sniffer
|
|
|
|
|
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
|
|
|
|
|
or as a full blown network intrusion detection and prevention system.
|
|
|
|
|
|
2010-05-12 17:44:12 +02:00
|
|
|
Note that --libdir seems to be ignored on Slackware64; libraries are installed
|
|
|
|
|
to /usr/lib anyway.
|
