Crossnodes: Use Snort for Lightweight Intrusion Detection

“Designed to fill the gap left by expensive, heavy-duty network
intrusion detection systems, Snort is a free, cross-platform packet
sniffer, logger, and intrusion detector for monitoring smaller
TCP/IP networks. It runs on Linux/UNIX and Win32 systems. It takes
mere minutes to install and start using it.

“Some of Snort’s numerous abilities:

  • real-time traffic analysis and packet logging
  • packet payload inspection
  • protocol analysis and content searching/matching
  • detect buffer overflows, stealth port scans, CGI attacks, SMB
    probes, OS fingerprinting attempts
  • real-time alerts to syslog, user-specified files, Unix socket,
    or WinPopups via Samba

“Snort has three primary modes: packet sniffer, packet logger,
or full-blown intrusion detection system. In the grand tradition of
open/free software, it supports all manner of plugins, extensions,
and customizations: database or XML logging, small fragment
detection, and statistical anomaly detection. Packet payload
inspection is one of Snort’s most useful features. This means many
additional kinds of hostile activity can be detected…”

Complete Story
