SNORT, is a free and open source Intrusion Detection and Prevention System developed by Sourcefire. Snort utilizes the combination of signatures, protocol and anomaly based inspection to detect malicious traffic passing through. Snort performs packet logging, log analysis, content searching and matching on real time basis to be able to detect attacks such as buffer overflows, stealth port scans, CGI attacks, SMB probes, denial of service, OS fingerprinting etc.

With a large community contribution, snort use rules that describe the traffic that is collected. For snort to be able to analyse traffic properly, it is advised that snort collect traffic from a switch with mirrored port.

Deployment of snort can be complimented with other tools such as snorby which gives an easy to use application that runs on top of snort and sguil which utilizes snort to perform network security monitoring.


Leave a Reply

You must be logged in to post a comment.