openbsd-ports/net/snort/pkg/DESCR
lteo 8003eddd81 Update Snort to 2.9.3.1.
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386.  Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.

From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.

OK abieber@ sthen@
2012-09-26 02:11:05 +00:00

Snort is an open source network intrusion detection and prevention system. It
is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks. It utilizes a combination of protocol analysis
and pattern matching in order to detect anomalies, misuse and attacks.

Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a
modular plugin architecture. Snort is capable of detecting and responding in
real-time, sending alerts, performing session sniping, logging packets, or
dropping sessions/packets when deployed in-line.

Snort has three primary functional modes. It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic
debugging, etc.), or as a full-blown network intrusion detection and prevention
system.