Snort (software)

From Wikipedia, the free encyclopedia

Jump to: navigation, search
Snort
Logo
Design by Martin Roesch
Developed by Sourcefire, Inc.
Latest release 2.8.4 / April 7, 2009
Operating system Cross-platform
Type Intrusion-detection system
Intrusion prevention system
License GNU General Public License
Website www.snort.org

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch and is now developed by Sourcefire, of which Roesch is the founder and CTO. Integrated enterprise versions with purpose built hardware and commercial support services are sold by Sourcefire.

Snort performs protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the Snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE in network layers 3 and 4 is possible with historical observation. ( These patches seem to be no longer maintained )

[edit] External links

Free user interfaces:

Commercial user interfaces:

Tools for use with Snort

  • SnortUnified perl modules - Tools for easily processing Snort unified and unified2 log files
  • EasyIDS - Free customized CentOS install cd containing Snort, Barnyard, BASE, ntop, and more.
Personal tools