Snort (software)
| Snort | |
|---|---|
| Developer: | Sourcefire, Inc |
| Latest release: | 2.6.1.1 / November 22, 2006 |
| OS: | Cross-platform |
| Use: | Security / IDS |
| License: | GNU General Public License |
| Website: | www.snort.org |
Snort is a free software network intrusion detection and prevention system capable of packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire, of which Roesch is the founder and current CTO. Proprietary versions with integrated hardware and support services are sold by Sourcefire.
Snort can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts, among others. The system can also be used for intrusion prevention, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches to the Snort source from Bleedingsnort, it is also possible to add antivirus scanning of packet streams with ClamAV and, based on historical observation, detection of network abnormalities at network layers 3 and 4 with SPADE.
Check Point attempted to acquire Sourcefire in 2005, but the deal fell through as both companies mutually withdrew from the acquisition process.
Snort the software package is not written in all capital letters. It is a proper name and is written as 'Snort'. The name is trademarked in this fashion. The only time it appears in all capital letters is in logo graphics.
External links
- The Bleeding Edge of Snort - Community maintained Snort rulesets.
- Snort Web site
- SOURCEfire - The company that owns and maintains Snort.
- TurboSnortRules.org - Test the performance of your Snort rules
- FLoP - The Fast Logging Project for Snort. Decouples alert output from the Snort IDS.
User interfaces for Snort
- Applied Watch Command Center - Applied Watch Technologies - Commercial enterprise Snort management suite
- Sguil - An open source Tcl/Tk interface for network security monitoring
- IDS Policy Manager - Snort Rules Management
- CEREBUS - ncurses command shell browser of unified Snort logs.
- Basic Analysis and Security Engine - The recommended Web-based GUI frontend for Snort
- Raritan CommandCenter NOC - availability and performance management appliances with integrated Snort and dashboard.
- The Analysis Console for Intrusion Databases - The original Web-based GUI frontend for Snort (dead)
- Snortsnarf by Silicon Defense - Creates static webpages. (dead)