SearchEnterpriseLinux: Stopping Intruders with Snort & Friends
May 26, 2005, 11:30
[ Thanks to Jan Stafford for this link. ]
"What capabilities does Snort have that might surprise
or be underused by IT managers?
"Angela Orebaugh: Snort has some powerful
functionality built into the pre-processors. These include the
ability to maintain state, fragmented packet reassembly, stream
reassembly, HTTP normalization, application decoders, portscan
detectors and performance monitoring..."