Snort

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic sniffers and analyzers. Through protocol analysis and content searching and matching, Snort detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate 'alerts' file, or to a pop-up window.

NSS Group, a European network security testing organization, tested Snort along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, Snort, which was the sole open source freeware product tested, clearly out-performed the proprietary products.

Read more about Snort: - The NSS Intrusion Detection Systems Group Test is available online or for downloading (registration required). - Snort.org provides more information and downloads. - SearchSecurity.com features a Snort Technical Guide with answers to FAQs. - The Software Engineering Institute provides "Writing rules and understanding alerts for Snort."

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities In this new addition to our Nessus 3 Tutorial, Mike Chapple provides examples of NASL scripts that can find known vulnerabilities in your customized... What are best practices for creating an IDS and maintaining a signature database? Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database. How to install and configure Nessus This tip introduces Nessus, and explains how to install Nessus and configure deployment.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Back Orifice  (SearchSecurity.com) Blowfish  (SearchSecurity.com)