Snort IDS

Snort is a network-based intrusion detection and prevention system written in C. Snort sniffs network packets on the wire, analyzes packet contents against known attack signatures, and logs suspicious activity and potential intrusion attempts in a backend database for offline analysis. Snort's intrusion detection proceeds in steps: packet decoding, protocol-specific preprocessing (e.g., IP defragmentation, TCP/UDP session building, TCP reassembly), inspection (e.g., protocol analysis, payload pattern matching), and output (e.g., syslog, packet dump, UNIX socket). Snort's packet acquisition module is pluggable, supporting different packet capture interfaces (e.g., libpcap, AFPacket, IPQ, NFQ, IPFW, PF_RING). Snort can be integrated with third-party tools such as Snorby (web-based monitoring front-end), Sguil (event-driven alert analysis), Barnyard (Snort's binary log processor) and PulledPork (Snort rule manager).
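
As an added illustration of the decode, inspect and output steps described above (example code written for this page, not Snort's own source or rule engine), the toy below parses a small subset of Snort's rule syntax, decodes a constructed IPv4/TCP packet and emits an alert only when the rule header fields and the `content` keyword both match the packet. The rule text, addresses and payloads are constructed samples, and the `content` marker is made up rather than a real attack signature.

```python
import re
import struct

RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
# Constructed rule for the demo: the content string is a made-up marker, not a real attack signature.
RULE = 'alert tcp any any -> any 80 (msg:"Constructed test signature"; content:"X-Example-Sig"; sid:1000001;)'

def parse_rule(text):
    """Parse 'action proto src sport -> dst dport (options)' into header fields plus an options dict (subset)."""
    action, proto, src, sport, dst, dport, opts = RULE_RE.match(text.strip()).groups()
    options = {}
    for opt in (o.strip() for o in opts.split(";") if o.strip()):
        key, _, val = opt.partition(":")
        options[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "options": options}

def decode_ipv4_tcp(raw):
    """Decode step: addresses, ports and payload from a raw IPv4/TCP packet (no link-layer header)."""
    ihl = (raw[0] & 0x0F) * 4  # IPv4 header length in bytes
    if raw[9] != 6:  # IP protocol 6 is TCP; this toy decoder handles nothing else
        return None
    src, dst = ".".join(map(str, raw[12:16])), ".".join(map(str, raw[16:20]))
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport,
            "payload": raw[ihl + data_off:]}

def inspect(rule, pkt):
    """Inspection step: header fields must match ('any' is a wildcard), then content is searched in the payload."""
    if pkt is None or rule["proto"] != pkt["proto"]:
        return None
    for key in ("src", "sport", "dst", "dport"):
        if rule[key] != "any" and rule[key] != str(pkt[key]):
            return None
    content = rule["options"].get("content")
    if content is not None and content.encode() not in pkt["payload"]:
        return None
    return {"action": rule["action"], "sid": rule["options"].get("sid"),
            "msg": rule["options"].get("msg"), "src": pkt["src"], "dst": pkt["dst"]}

def build_packet(src, dst, sport, dport, payload):
    """Constructed sample input: minimal IPv4 + TCP headers around a payload (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def run(rule_text, packets):
    """Pipeline: decode each packet, inspect it against the rule, collect alerts (the output step)."""
    rule = parse_rule(rule_text)
    return [alert for alert in (inspect(rule, decode_ipv4_tcp(p)) for p in packets) if alert]
```

Real Snort adds the preprocessing stage between these two steps (defragmentation, stream reassembly), which is why a signature split across two TCP segments is still caught by Snort but would be missed by this single-packet toy.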

Xmodulo © 2021