Snort (software)
Encyclopedia
Snort is a free
and open source network intrusion prevention system
(NIPS) and network intrusion detection system (NIDS)
, created by Martin Roesch
in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO
.
In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time."
Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.
In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a ruleset defined by the user. The program will then perform a specific action based on what has been identified.
There are several third-party tools interfacing Snort for administration, reporting and log analysis:
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
and open source network intrusion prevention system
Intrusion-prevention system
Intrusion Prevention Systems , also known as Intrusion Detection and Prevention Systems , are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information...
(NIPS) and network intrusion detection system (NIDS)
Network intrusion detection system
A Network Intrusion Detection System is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring of network traffic.A NIDS reads all the incoming packets and tries to...
, created by Martin Roesch
Martin Roesch
Martin Roesch founded Sourcefire in 2001 and serves as its Chief Technology Officer. A respected authority on intrusion prevention and detection technology and forensics, he is responsible for the technical direction and product development efforts...
in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO
Chief technical officer
A chief technology officer is an executive-level position in a company or other entity whose occupant is focused on scientific and technological issues within an organization....
.
In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time."
Uses
Snort’s open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection.
In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a ruleset defined by the user. The program will then perform a specific action based on what has been identified.
There are several third-party tools interfacing Snort for administration, reporting and log analysis:
See also
- Intrusion detection system (IDS)
- Intrusion prevention system (IPS)
- Network intrusion detection systemNetwork intrusion detection systemA Network Intrusion Detection System is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring of network traffic.A NIDS reads all the incoming packets and tries to...
(NIDS) - Metasploit ProjectMetasploit ProjectThe Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development....
- nmapNmapNmap is a security scanner originally written by Gordon Lyon used to discover hosts and services on a computer network, thus creating a "map" ofthe network...
- WiresharkWiresharkWireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education...
- SguilSguilSguil is a collection of Free software components for Network Security Monitoring and event driven analysis of IDS alerts. The sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk...
- AanvalAanvalAanval is a commercial SIEM product designed specifically for use with Snort and Syslog data. Aanval has been in active development since 2003 and remains one of the longest running Snort capable SIEM products in the industry.Aanval is Dutch for "attack"....