LinuxSecurity.com: Network Intrusion Detection Using SnortJun 19, 2000, 05:12 (0 Talkback[s])
(Other stories by Christopher Pallack, Dave Wreski)
[ Thanks to Benjamin D. Thomas for this link. ]
"Snort is a software-based real-time network intrusion detection system developed by Martin Roesh that can be used to notify an administrator of a potential intrusion attempt. The ever-increasing amount of Internet crackers, armed with "ready-to-run" exploits, as well as the sophisticated attacker that's intent on defacing your web page necessitates the use of a method to track their activity and alert you to this."
"This document takes you through the basics of intrusion detection, the steps necessary to configure a host to run the snort network intrusion detection system, testing its operation, and alerting you to possible intrusion events."
"Until now, intrusion detection devices were either dedicated-use commercial products, or not real-time and difficult to install. Snort is the solution for monitoring small TCP/IP networks where it is not cost-effective to deploy commercial products. Snort is an easy-to-use, "lightweight", and very functional alternative."