18 lines
905 B
Plaintext
18 lines
905 B
Plaintext
Snort is a fairly intelligent sniffer/NIDS, with a very strong rule set.
|
|
|
|
Snort can perform protocol analysis, content searching/matching and can be used
|
|
to detect a variety of attacks and probes, such as buffer overflows, stealth
|
|
port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
|
|
|
|
Snort uses a flexible rules language to describe traffic that it should collect
|
|
or pass, as well as a detection engine that utilizes a modular plugin
|
|
architecture. Snort has a real-time alerting capability as well, incorporating
|
|
alerting mechanisms for syslog, a user specified file, a UNIX socket, or
|
|
WinPopup messages to Windows clients using Samba's smbclient.
|
|
|
|
Available flavors:
|
|
postgresql - enable postgresql database logging support
|
|
mysql - enable mysql database logging support
|
|
smbalert - enable samba logging support
|
|
flexresp - enable dynamic connection killing support
|