Author Topic: Snort is a free open source network intrusion detection and prevention system  (Read 1566 times)

Software Santa

Snort is a free, open source network intrusion detection and prevention system for Linux or Windows

About Snort

Originally released in 1998 by Sourcefire founder and CTO Martin Roesch, Snort is a free, open source network intrusion detection and prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Initially called a “lightweight” intrusion detection technology, Snort has evolved into a mature, feature-rich IPS technology that has become the de facto standard in intrusion detection and prevention. With nearly 4 million downloads and approximately 300,000 registered users, Snort is the most widely deployed intrusion prevention technology in the world.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger (useful for network traffic debugging, etc.), or a full-blown network intrusion prevention system.

The Power of Open Source Development

The roots of Snort's development methodology hail from the open source movement, a movement pioneered by Richard Stallman at MIT during the 1980s. The idea behind open source is that all software should have source code available and be developed by communities of interested developers. This ideology and the power that it unleashes to develop superior software was further explained and highlighted in what is considered to be the seminal treatise on open source development, "The Cathedral and the Bazaar" by Eric S. Raymond. In "The Cathedral and the Bazaar," Raymond outlines how the open source development methodology can be leveraged to create superior software compared to traditional proprietary methods. The Snort project relies on this ideology heavily and its impact shows. In test after test, Snort has come out at or near the top of the heap when compared head-to-head with other intrusion detection and prevention technologies.
« Last Edit: February 09, 2015, 11:47:07 PM by Software Santa »