2010-12-27 18:41:35 +01:00
|
|
|
Snort is an open source network intrusion detection and prevention system.
|
|
|
|
It is capable of performing real-time traffic analysis, alerting, blocking
|
|
|
|
and packet logging on IP networks. It utilizes a combination of protocol
|
|
|
|
analysis and pattern matching in order to detect a anomalies, misuse and
|
|
|
|
attacks.
|
|
|
|
Snort uses a flexible rules language to describe activity that can be
|
|
|
|
considered malicious or anomalous as well as an analysis engine that
|
|
|
|
incorporates a modular plugin architecture. Snort is capable of detecting
|
|
|
|
and responding in real-time, sending alerts, performing session sniping,
|
|
|
|
logging packets, or dropping sessions/packets when deployed in-line.
|
2010-09-21 01:23:25 +02:00
|
|
|
|
2010-12-27 18:41:35 +01:00
|
|
|
Snort has three primary functional modes. It can be used as a packet
|
|
|
|
sniffer like tcpdump(1), a packet logger (useful for network traffic
|
|
|
|
debugging, etc), or as a full blown network intrusion detection and
|
|
|
|
prevention system.
|