Snort

Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. 

It can perform real-time traffic analysis, alerting, blocking and packet logging on IP networks.  It utilizes a combination of protocol analysis and pattern matching in order to detect a anomalies, misuse and attacks.   It detects a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture.  Snort is capable of detecting and responding in real-time, sending alerts, performing session sniping, logging packets, or dropping sessions/packets when deployed in-line.

Snort

License GNU GPL v2 Developer Sourcefire Inc. Website www.snort.org Requirements libpcap Support: Snort Documentation, Forums, Snort Rules, FAQ Selected Reviews: Unix Review, Techworld, njit.edu

Features include:

• 3 primary functional modes
• Packet Sniffer like tcpdump
• Packet logger (useful for network traffic debugging etc)
• Full blown network intrusion, detection, and prevention system
• Performs TCP stream reassembly
• Stateful protocol analysis
• Handles IP dedragmentation
• Logs the full packets when alerts are generated

Last Updated Sunday, May 04 2008 @ 05:11 AM EDT