Diffstat (limited to 'network/snort/README')
-rw-r--r-- | network/snort/README | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/network/snort/README b/network/snort/README new file mode 100644 index 0000000000..6a15d09b62 --- /dev/null +++ b/network/snort/README 
@@ -0,0 +1,42 @@ +Snort is an open source network intrusion detection and prevention system. It +is capable of performing real-time traffic analysis, alerting, blocking and +packet logging on IP networks. It utilizes a combination of protocol analysis +and pattern matchingin order to detect a anomalies, misuse and attacks. +Snort uses a flexible rules language to describe activity that can be considered +malicious or anomalous as well as an analysis engine that incorporates a modular +plugin architecture. Snort is capable of detecting and responding in real-time, +sending alerts, performing session sniping, logging packets, or dropping +sessions/packets when deployed in-line. + +Snort has three primary functional modes. It can be used as a packet sniffer +like tcpdump(1), a packet logger (useful for network traffic debugging, etc), +or as a full blown network intrusion detection and prevention system. + +Please read the snort_manual.pdf file that should be included with this +distribution for full documentation on the program as well as a guide to +getting started. + +This package builds a very basic snort implimentation useful for monitoring +traffic as an IDS or packet logger and as a sort of improved tcpdump (which +is what I use it for). MySQL support is included, so you should have little +trouble hooking snort up to a database or ACID. For more information on +these, check out snort's homepage at: + + http://www.snort.org/ + http://www.snort.org/docs/ + +snort.org has a nasty habit of changing the location of their source +code, which means there's no garauntee that the link in snort.info is +correct. If you can't get that link to work, look for the source code at: + + http://www.snort.org/dl/old/ + +Please note that this build script disables dynamic plugins. This can be +easily added by deleting the following line in the script. + + --disable-dynamicplugin \ + +This will put the headers and source for dynamic plugins into /usr/src/snort. 
+There is no rc.snort script included with this script at this time, but you +should have little trouble creating one of your own. Please e-mail me with +any questions or comments. -- Alan Hicks <alan@lizella.net> |
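Review bot: The fallback-download paragraph ("If you can't get that link to work, look for the source code at: http://www.snort.org/dl/old/") sends the user to fetch the tarball from a different location without saying how to confirm it is the release the build script expects. Add a sentence telling the user to check the downloaded file against a known checksum and the version named in snort.info before building. In the dynamic plugins paragraph, "This can be easily added by deleting the following line" has an unclear referent, since the previous sentence is about disabling; something like "Dynamic plugin support can be enabled by deleting the following line" reads correctly. Since the README states that no rc.snort is shipped, it would also help to say plainly that snort will not start at boot after installation. Spelling to fix before merge: "matchingin order to detect a anomalies", "implimentation", "garauntee".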