Snort: network intrusion prevention and detection system

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire.

Sourcefire VRT is a group of network security experts who proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities. This team is supported by the vast resources of the open source Snort and ClamAV communities. The VRT develops and maintains the official rule set of Snort.org. Each rule is developed and tested using the same rigorous standards VRT uses for Sourcefire customers. The VRT also maintains shared object rules that are distributed for many platforms in binary format.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort also has a real-time alerting capability, with alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort front-ends:

