FreeOS.com: Intrusion Detection Systems for your network: Part III - Installing Snort | Linux Today

FreeOS.com: Intrusion Detection Systems for your network: Part III – Installing Snort

Written By
Web Webster
Web Webster
Feb 5, 2001

“All through these series of articles, we have tried our very
best to strike a balance between the implementation of these
Intrusion Detection tools and their working principle. As a totally
paranoid System Administrator, who you should anyway be, you should
be able to assess at first hand, the various security threats that
your machines face both internally and externally. Only such an
understanding will help you decide the kind of tools to put in
place to lock down and fortify your network from intruders. In this
article we will have a look at Snort as a backup Intrusion
Detection System for you enterprise network and if it could really
scale up to the requirements of your enterprise networks.”

“The main distribution site for snort is http://www.snort.org.
Snort is distributed under the GNU GPL license by its author,
Martin Roesch (roesch@clark.net). Snort is a lightweight,
network intrusion detection system, capable of performing real-time
traffic analysis and packet logging on IP networks. It can perform
protocol analysis, content searching/matching and can be used to
detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more.
Snort uses a flexible rule language
to describe traffic that it should collect or pass, as well as a
detection engine that uses modular plugin architecture. Snort has a
real- time alerting capability as well, incorporating alerting
mechanisms for syslog, user specified files, a UNIX socket, or
WinPopup messages to Windows clients using Samba’s smbclient. Snort
has three primary uses. It can be used as a straight packet sniffer
like tcpdump(1), a packet logger (useful for network traffic
debugging, etc), or as a full blown network intrusion detection
system. Snort logs packets in either tcpdump(1) binary format or as
decoded ASCII format to logging directories that are named based on
the IP address of the “foreign” IP host. Plugins allow the
detection and reporting subsystems to be extended. Available
plugins include database logging, small fragment detection, port
scan detection, and HTTP URI normalization.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.