Linux Today: Linux News On Internet Time.

Crossnodes: Use Snort for Lightweight Intrusion Detection

Jul 15, 2002, 11:00
(Other stories by Carla Schroeder)

"Designed to fill the gap left by expensive, heavy-duty network intrusion detection systems, Snort is a free, cross-platform packet sniffer, logger, and intrusion detector for monitoring smaller TCP/IP networks. It runs on Linux/UNIX and Win32 systems. It takes mere minutes to install and start using it.

"Some of Snort's numerous abilities:

  • real-time traffic analysis and packet logging
  • packet payload inspection
  • protocol analysis and content searching/matching
  • detect buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts
  • real-time alerts to syslog, user-specified files, Unix socket, or WinPopups via Samba

"Snort has three primary modes: packet sniffer, packet logger, or full-blown intrusion detection system. In the grand tradition of open/free software, it supports all manner of plugins, extensions, and customizations: database or XML logging, small fragment detection, and statistical anomaly detection. Packet payload inspection is one of Snort's most useful features. This means many additional kinds of hostile activity can be detected..."
