If you are in security, you might have heard of an Intrusion Detection system, which is a device or mechanism that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. There are a lot of professional IDS available for commercial use,but when it comes to being free as freedom (read:open source), Snort is my favorite.Snort is is a very powerful tool open source IDS (Intrusion detection system) written by Martin Roesch & and is known to be one of the best IDS on the market even when compared to commercial IDS.Snort performs protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. Like Wireshark,Snort uses the libpcap library to capture packets.
Snort can be run in 4 modes:
- sniffer mode: snort will read the network traffic and print them to the screen.
- packet logger mode: snort will record the network traffic on a file
- IDS mode: network traffic matching security rules will be recorded (mode used in our tutorial)
- IPS mode: also known as snort-inline (IPS = Intrusion prevention system)
A lot of people in the very active snort community are sharing their security rules which is very useful if you are not an security expert and wants to have up-to-date rules.Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data..which is in fact a PHP script displaying alerts on a web interface. At the end of the day, Snort is a must have for any security researcher or network paranoids out there..another mentionable IDS systems are Fragrouter,OSSEC HIDS and sGUIL.
You can download Snort from here
Like This post ? You can buy me a Beer :)
Posted by XERO. ALL RIGHTS RESERVED.