blob: cf0b57c75c62143f15967325a093c5f985c1c738 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
Snort is an open source network intrusion detection and prevention system. It
is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks. It utilizes a combination of protocol analysis
and pattern matching in order to detect a anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a modular
plugin architecture. Snort is capable of detecting and responding in real-time,
sending alerts, performing session sniping, logging packets, or dropping
sessions/packets when deployed in-line.
Snort has three primary functional modes. It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
or as a full blown network intrusion detection and prevention system.
This requires libdnet and daq.
|
