Snort (software)
From Wikipedia, the free encyclopedia
| Snort | |
| Developer: | Sourcefire, Inc |
|---|---|
| Latest release: | 2.6.1.4 / March 26, 2007 |
| OS: | Cross-platform |
| Use: | Security / IDS |
| License: | GNU General Public License |
| Website: | www.snort.org |
Snort is a free software network intrusion detection and prevention system capable of performing packet logging and real-time traffic analysis, on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire, of which Roesch is the founder and current CTO. Proprietary versions with integrated hardware and support services are sold by Sourcefire.
Snort is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, amongst other features. The system can also be used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE, in the network layer 3 and 4, is possible with historical observation.
Check Point attempted to acquire Sourcefire in 2005, but the deal fell through as both companies mutually withdrew from the acquisition process.
[edit] External links
- The Bleeding Edge of Snort - Community maintained Snort rulesets.
- Snort Web site
- SOURCEfire - The company that owns and maintains Snort.
- TurboSnortRules.org - Test the performance of your Snort rules
- FLoP - FLoP. The Fast Logging Project for Snort. Decouples alert output from the Snort IDS.
[edit] User interfaces for Snort
- Sguil - An open source Tcl/Tk interface for network security monitoring
- IDS Policy Manager - Snort Rules Management
- CEREBUS - ncurses command shell browser of unified snort logs.
- Basic Analysis and Security Engine - The Recommended Web-based GUI frontend for Snort
- Thresh - A web-based sensor tuning application for Snort
- Raritan CommandCenter NOC - availability and performance management appliances with integrated Snort and dashboard.
