- Snort (software)
Infobox Software
name = Snort
developer = Sourcefire, Inc.
latest release version = 2.8.3
latest release date = September 5, 2008
operating system = Cross-platform
genre = Intrusion-detection system, Intrusion prevention system
license = GNU General Public License
website = [http://www.snort.org/ www.snort.org]

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch and is now developed by Sourcefire, of which Roesch is the founder and CTO. Integrated enterprise versions with purpose-built hardware and commercial support services are sold by Sourcefire.

Snort performs protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, among others. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the Snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality detection with SPADE in network layers 3 and 4 is possible with historical observation. (These patches seem to be no longer maintained.)

External links
* [http://www.snort.org/ Snort Web site]
* [http://www.sourcefire.com/ Sourcefire] - The company that owns and maintains Snort.
* [http://www.emergingthreats.net/ Emerging Threats] - Community maintained Snort rule sets.

Free user interfaces:
* [http://sguil.sourceforge.net Sguil] - An open source Tcl/Tk interface for network security monitoring
* [http://base.secureideas.net Basic Analysis and Security Engine] - An open source based Snort DB web analysis tool, replaces ACID.
* Network Security Toolkit - Automatic Snort configuration and Web-based management.

Commercial user interfaces:
* [http://www.sourcefire.com Sourcefire] - Enterprise intrusion prevention at speeds of up to 10 Gigabit from the makers of Snort
* [http://www.activeworx.org IDS Policy Manager] - Snort Rules Management
* [http://www.appliedwatch.com Applied Watch Command Center] - Enterprise Security Management Suite for Snort
* [http://dragos.com/cerebus/ CEREBUS] - Text user interface browser of unified Snort logs.
* [http://www.aanval.com/ Aanval] - Snort and Syslog analysis software (free version available)

Tools for use with Snort
* [http://code.google.com/p/snort-unified-perl/ SnortUnified perl modules] - Tools for easily processing Snort unified and unified2 log files
* [http://www.skynet-solutions.net/easyids EasyIDS] - Free customized CentOS install CD containing Snort, Barnyard, BASE, ntop, and more.
Wikimedia Foundation. 2010.