Snort
Snort is a free intrusion detection system released under the GPL license. Originally written by Martin Roesch, it currently belongs to Sourcefire (whose acquisition by Check Point had been envisaged in 2005 but was subsequently cancelled). Commercial versions that bundle hardware and support services are sold by Sourcefire.
Presentation
Snort can perform real-time traffic analysis and log packets on an IP network. It can carry out protocol analysis and content searching/matching, and can be used to detect a wide variety of attacks and probes such as buffer overflows, scans, CGI attacks, SMB probes, OS fingerprinting attempts and much more. However, like any software, Snort is not infallible and requires regular updates.
Snort can also be used with other open source projects such as SnortSnarf, ACID, Sguil and BASE (Basic Analysis and Security Engine) to provide a visual representation of data on possible intrusions.
External links
- Official site
- The Bleeding Edge of Snort: the community maintaining rule sets (rulesets) for Snort
- TurboSnortRules.org: benchmark for Snort rules