================
Snort
================
--------------
What is Snort?
--------------
`Snort <https://www.snort.org/>`_ is an open source network intrusion prevention system, capable
of performing real-time traffic analysis and packet logging on IP
networks. It can perform protocol analysis and content searching/matching,
and can be used to detect a variety of attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting
attempts, and much more.
-------------------------
What can I do with Snort?
-------------------------
Snort has three primary uses: it can be used as a straight packet sniffer
like tcpdump, as a packet logger (useful for network traffic debugging, etc.),
or as a full-blown network intrusion prevention system.
--------------------
How does Snort work?
--------------------
Snort works with rules. Rules are a detection methodology distinct from
signatures, and they bring the advantage of 0-day detection to the table:
unlike a signature, a rule is written to detect the actual vulnerability,
not a particular exploit or a unique piece of data. Developing a rule
therefore requires an acute understanding of how the vulnerability actually
works.
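The following pair of rules, written for this page as an added illustration and not taken from the Snort project's rule sets, shows the distinction in practice. Both assume a hypothetical service on TCP port 8080 with a ``USER`` command whose argument overflows a 128-byte buffer; the port, the command, the NOP-sled bytes and the SIDs are constructed placeholders.

```snort
# Signature-style rule (constructed example): it only fires on one known
# exploit payload, a NOP sled following the USER command. Any variant of the
# exploit that changes those bytes slips past it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"EXAMPLE signature: known exploit payload after USER command"; flow:to_server,established; content:"USER "; depth:5; content:"|90 90 90 90|"; within:64; classtype:attempted-admin; sid:1000001; rev:1;)

# Vulnerability-style rule (constructed example): it models the bug itself,
# a USER argument with no line terminator within the 128 bytes that fit in
# the buffer. Any payload that triggers the overflow matches, including
# exploits written after the rule, which is the 0-day advantage the text
# describes.
#   isdataat:128,relative  -> at least 128 more bytes follow "USER "
#   content:!"|0d 0a|"; within:128 -> no CRLF inside those 128 bytes
alert tcp $EXTERNAL_NET any -> $HOME_NET 8080 (msg:"EXAMPLE vulnerability: USER argument exceeds 128-byte buffer"; flow:to_server,established; content:"USER "; depth:5; isdataat:128,relative; content:!"|0d 0a|"; within:128; classtype:attempted-admin; sid:1000002; rev:1;)
```

The vulnerability rule generates more alerts on malformed but benign traffic than the signature rule, so tune the length threshold to the real buffer size of the service being protected.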