What is Snort, and can I use it to recover from virus attacks?

What is Snort, and how does it work? I've heard that it can help my organization recover quickly from virus attacks. Is that true?

Snort is an intrusion detection facility. Quoting from the Snort home page at http://www.snort.org/about.html:

"Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc.), or as a full blown network intrusion detection system."

Snort may help you to detect certain types of attacks that can take place at the security perimeter of your network. Snort is not specifically a virus detective, and it certainly is not an anti-virus solution.

Editor's note: For more information on Snort and other intrusion detection strategies, check out our Best Web Links on intrusion detection and prevention.

This was first published in July 2003