08acdf148f
-- This update contains a ton of fixes and features. Included is a small bit from the ChangeLog:
* corrected big endian rpc decoding
* stop stream4 from clobbering itself
* fixed file rotation bug in spo_unified
* massive speed patch for multiple CIDR blocks
* corrected ICMP printing
* added a ton of new signatures
22 lines
930 B
Plaintext
Snort is a fairly intelligent sniffer/NIDS, with a very strong rule set.

Snort can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more.

Snort uses a flexible rules language to describe traffic that it should
collect or pass, as well as a detection engine that utilizes a modular
plugin architecture. Snort has a real-time alerting capability as well,
incorporating alerting mechanisms for syslog, a user specified file, a
UNIX socket, or WinPopup messages to Windows clients using Samba's
smbclient.

WWW: ${HOMEPAGE}

Available flavors:
postgresql - enable postgresql database logging support
mysql - enable mysql database logging support
smbalert - enable samba logging support
flexresp - enable dynamic connection killing support