From b1f11b54803266384cf0d9e14fcb7204dbcc79a7 Mon Sep 17 00:00:00 2001 From: Laura Sofia Enriquez Date: Mon, 23 Apr 2018 17:15:24 -0300 Subject: Snort implementation This PR has: 1. Snort VNF. 2. Documentation. Change-Id: I5df23a1b8cdb65864aa8f432ce547d6cf5f27cde Signed-off-by: Laura Sofia Enriquez --- docs/release/userguide/snort.rst | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 docs/release/userguide/snort.rst (limited to 'docs') diff --git a/docs/release/userguide/snort.rst b/docs/release/userguide/snort.rst new file mode 100644 index 0000000..9bb6b3b --- /dev/null +++ b/docs/release/userguide/snort.rst @@ -0,0 +1,33 @@ +================ + Snort +================ + +---------- + What is Snort? +---------- + +`Snort `_. is an open source network intrusion prevention system, capable +of performing real-time traffic analysis and packet logging on IP +networks. It can perform protocol analysis, content searching/matching, +and can be used to detect a variety of attacks and probes, such as buffer +overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting +attempts, and much more. + +---------- + What can I do with Snort? +---------- + +Snort has three primary uses: It can be used as a straight packet sniffer +like tcpdump, a packet logger (useful for network traffic debugging, etc), +or as a full blown network intrusion prevention system. + +---------- + How Snort works? +---------- + +Snort works with rules. Rules are a different methodology for performing +detection, which bring the advantage of 0-day detection to the table. +Unlike signatures, rules are based on detecting the actual vulnerability, +not an exploit or a unique piece of data. Developing a rule requires an +acute understanding of how the vulnerability actually works. + -- cgit 1.2.3-korg