Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Crossnodes: Use Snort for Lightweight Intrusion Detection

Jul 15, 2002, 11:00 (2 Talkback[s])
(Other stories by Carla Schroeder)

"Designed to fill the gap left by expensive, heavy-duty network intrusion detection systems, Snort is a free, cross-platform packet sniffer, logger, and intrusion detector for monitoring smaller TCP/IP networks. It runs on Linux/UNIX and Win32 systems. It takes mere minutes to install and start using it.

"Some of Snort's numerous abilities:

  • real-time traffic analysis and packet logging
  • packet payload inspection
  • protocol analysis and content searching/matching
  • detect buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts
  • real-time alerts to syslog, user-specified files, Unix socket, or WinPopups via Samba

"Snort has three primary modes: packet sniffer, packet logger, or full-blown intrusion detection system. In the grand tradition of open/free software, it supports all manner of plugins, extensions, and customizations: database or XML logging, small fragment detection, and statistical anomaly detection. Packet payload inspection is one of Snort's most useful features. This means many additional kinds of hostile activity can be detected..."

Complete Story

Related Stories: