Snort: The Open Source network Intrusion Prevention and Detection System

September 17, 2009 23:56 pm

by Black

in Open Source,Security tools


Anyone who has anything to do with network security will surely know about Snort. It is one of the most robust network intrusion prevention and detection systems, yet it is freeware and open source. It is capable of performing packet logging and real-time traffic analysis on IP networks.

Snort also has an Enterprise version, but the freeware version is just as good. In addition to packet logging and real-time traffic analysis, it is also capable of signature, protocol and anomaly based inspection. It can also perform protocol analysis and content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes and OS fingerprinting attempts. It can also be combined with other security software such as SGUIL to provide a visual representation of the attacks.

The reason for us writing about Snort is that a new version has been released – 2.8.5. The update log for this version is as follows:

  • Ability to specify multiple configurations (snort.conf and everything it includes), bound either by Vlan ID or IP Address. This allows you to run one instance of Snort with multiple snort.conf files, rather than having separate processes. See README.multipleconfigs for details.
  • Continued inspection of traffic while reloading a configuration. Add the --enable-reload option to your configure script prior to building. See README.reload for details.
  • Rate Based Attack Prevention for Connection Attempts, Concurrent Connections, and improved rule/event filtering. See README.filters for details.
  • SSH preprocessor
  • Performance improvements in various places
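
As an added illustration (not taken from the Snort release notes or from this post), the multiple-configuration and rate-based items above might look like this in a top-level snort.conf. The file paths, VLAN IDs, subnet and thresholds are constructed values; README.multipleconfigs and README.filters remain the reference for the exact syntax.

```conf
# Added example: paths, VLAN IDs, subnet and thresholds are constructed.

# Multiple configurations: one Snort process, a different snort.conf per VLAN.
# Traffic that matches no binding is inspected with this (default) file.
config binding: /etc/snort/dmz.conf vlan 10,20-25
config binding: /etc/snort/office.conf vlan 30

# Bindings are made either by VLAN ID or by IP address, not a mix of both.
# The address-based form of the same idea would be:
# config binding: /etc/snort/office.conf net 192.168.10.0/24

# Rate-based attack prevention, connection attempts:
# more than 100 attempts per second from one source address
# switches the action to drop for 10 seconds.
rate_filter \
    gen_id 135, sig_id 1, \
    track by_src, \
    count 100, seconds 1, \
    new_action drop, timeout 10

# Rate-based attack prevention, concurrent connections:
# more than 100 simultaneous connections from one source address
# switches the action to drop for 10 seconds.
rate_filter \
    gen_id 135, sig_id 2, \
    track by_src, \
    count 100, seconds 0, \
    new_action drop, timeout 10
```

The drop action only blocks traffic when Snort is deployed inline; on a passive sensor the same filters are useful for alerting on sources that exceed the thresholds.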

Snort supports multiple operating systems. So, depending on the operating system, you need the following – Libpcap/WinPcap, PCRE, Libnet, Barnyard.

You can download the latest version here.
