Difference between revisions of "SNORT"
(Created page with "{{Entry |Name=SNORT |Short description=Network intrusion detection system |Full description=Snort is a network intrusion detection system that performs real-time traffic analysis...") |
(New version) |
||
| Line 3: | Line 3: | ||
|Short description=Network intrusion detection system | |Short description=Network intrusion detection system | ||
|Full description=Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities. | |Full description=Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities. | ||
| + | |Homepage URL=http://www.snort.org/ | ||
|User level=none | |User level=none | ||
| − | |||
|Component programs=See,/contrib/README,file,in,the,distribution,for,complete,list | |Component programs=See,/contrib/README,file,in,the,distribution,for,complete,list | ||
| − | |||
|VCS checkout command=:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snort | |VCS checkout command=:pserver:anonymous@cvs.sourceforge.net:/cvsroot/snort | ||
|Computer languages=C | |Computer languages=C | ||
|Documentation note=User FAQ available from http://www.snort.org/; see same URL for complete list of documentation; user manpage included in the distribution | |Documentation note=User FAQ available from http://www.snort.org/; see same URL for complete list of documentation; user manpage included in the distribution | ||
|Paid support=http://www.sourcefire.com http://www.silicondefense.com | |Paid support=http://www.sourcefire.com http://www.silicondefense.com | ||
| − | |||
| − | |||
|IRC development=irc://irc.linux.com/snort | |IRC development=irc://irc.linux.com/snort | ||
|Related projects=RazorBack,Snort-rep,libpcap,mod_security,scanlogd,tcpdump | |Related projects=RazorBack,Snort-rep,libpcap,mod_security,scanlogd,tcpdump | ||
|Keywords=security,packet,snort,intrusion,detection,intrusion detection,packet logging,packet sniffing | |Keywords=security,packet,snort,intrusion,detection,intrusion detection,packet logging,packet sniffing | ||
| − | | | + | |Version identifier=2.9.9.0 |
| − | |Last review by= | + | |Version date=2016/11/07 |
| − | |Last review date= | + | |Version status=stable |
| + | |Version download=https://www.snort.org/downloads/snort/snort-2.9.9.0.tar.gz | ||
| + | |Last review by=Alejandroindependiente | ||
| + | |Last review date=2017/03/04 | ||
|Submitted by=Database conversion | |Submitted by=Database conversion | ||
|Submitted date=2011-04-01 | |Submitted date=2011-04-01 | ||
| − | | | + | |Status= |
| − | | | + | |Is GNU=No |
| − | | | + | |License verified date=2001-07-03 |
| − | | | + | }} |
| + | {{Project license | ||
| + | |License=GPLv2 | ||
| + | |License verified by=Janet Casey | ||
|License verified date=2001-07-03 | |License verified date=2001-07-03 | ||
| − | |||
}} | }} | ||
{{Person | {{Person | ||
| + | |Real name=Martin Roesch | ||
|Role=Maintainer | |Role=Maintainer | ||
| − | |||
|Email=roesch@clark.net | |Email=roesch@clark.net | ||
|Resource URL= | |Resource URL= | ||
| Line 63: | Line 65: | ||
|Internet-application=security | |Internet-application=security | ||
|Security=internet | |Security=internet | ||
| − | |Use=internet-application,security | + | |Use=internet-application, security |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
}} | }} | ||
{{Software prerequisite | {{Software prerequisite | ||
| Line 78: | Line 75: | ||
|Prerequisite description=libpcap | |Prerequisite description=libpcap | ||
}} | }} | ||
| + | {{Featured}} | ||
Latest revision as of 11:45, 4 March 2017
SNORT
http://www.snort.org/
Network intrusion detection system
Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more. Snort has three primary uses: as a straight packet sniffer like tcpdump(1), as a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. Snort logs packets in either tcpdump(1) binary format or in Snort's decoded ASCII format to logging directories that are named based on the IP address of the "foreign" host. It should work any place libpcap does. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. It also has real-time alerting capabilities.
Licensing
License
Verified by
Verified on
Notes
Leaders and contributors
| Contact(s) | Role |
|---|---|
| Martin Roesch | Maintainer |
Resources and communication
| Audience | Resource type | URI |
|---|---|---|
| Bug Tracking,Developer | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-devel |
| Help | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-announce |
| Developer | VCS Repository Webview | http://sourceforge.net/cvs/?group_id=3357 |
| Bug Tracking | mailto:roesch@clark.net | |
| Support | Mailing List Info/Archive | http://lists.sourceforge.net/mailman/listinfo/snort-users |
Software prerequisites
| Kind | Description |
|---|---|
| Required to use | libpcap |
| Required to build | libpcap |
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.