diff options
Diffstat (limited to 'docs/release')
-rw-r--r-- | docs/release/userguide/snort.rst | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst new file mode 100644 index 0000000..9bb6b3b --- /dev/null +++ b/docs/release/userguide/snort.rst @@ -0,0 +1,33 @@ +================ + Snort +================ + +---------- + What is Snort? +---------- + +`Snort <https://www.snort.org/>`_. is an open source network intrusion prevention system, capable +of performing real-time traffic analysis and packet logging on IP +networks. It can perform protocol analysis, content searching/matching, +and can be used to detect a variety of attacks and probes, such as buffer +overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting +attempts, and much more. + +---------- + What can I do with Snort? +---------- + +Snort has three primary uses: It can be used as a straight packet sniffer +like tcpdump, a packet logger (useful for network traffic debugging, etc), +or as a full blown network intrusion prevention system. + +---------- + How Snort works? +---------- + +Snort works with rules. Rules are a different methodology for performing +detection, which bring the advantage of 0-day detection to the table. +Unlike signatures, rules are based on detecting the actual vulnerability, +not an exploit or a unique piece of data. Developing a rule requires an +acute understanding of how the vulnerability actually works. + |