Snort project is a "lightweight" intrusion detection technology in comparison to commercially available systems.
Snort really isn't very hard to use, but there are a lot of command line options to play with, and it's not always obvious which ones go together well. This file aims to make using Snort easier for new users.
Snort can be configured to run in four modes:
- Sniffer mode, which simply reads the packets off of the network and displays them for you in a continuous stream on the console (screen).
- Packet Logger mode, which logs the packets to disk.
- Network Intrusion Detection System (NIDS) mode, the most complex and configurable configuration, which allows Snort to analyze network traffic for matches against a user-defined rule set and performs several actions based upon what it sees.
- Inline Mode, which obtains packets from iptables instead of from libpcap and then causes iptables to drop or pass packets based on Snort rules that use inline-specific rule types.
Product's homepage
What's New in This Release: [ read full changelog ]
· Added new alerts for HTTP (undefined methods & HTTP 0.9 simple requests).
· Updates to the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data that was already flushed. Also various tweaks for PAF flushing.
· Updates to the reputation preprocessor to handle shared memory switching.
· Updates to the SCADA preprocessors in their handling of PAF flushing and Modbus request/response length checking. Also tweaks in alerts for reserved DNP3 functions.
· Updates to flowbit groups to always use the group when some rules refer to a flow group while others do not refer to a group for the same flowbit.
· Updates to GTP preprocessor to check invalid extension header length for GTPv1.
· Updates to sfrt library, used in reputation preprocessor and target based configuration, when calculating memory allocated and support for IPv6.
Find us on Google+
