Snort – the best open source IDS

If you are in security, you have probably heard of an Intrusion Detection System (IDS): a device or mechanism that monitors network and/or system activity for malicious or unwanted behaviour and, in some deployments, can react in real time to block or prevent it. There are plenty of commercial IDS products, but when it comes to being free as in freedom (read: open source), Snort is my favourite. Snort is a very powerful open source IDS written by Martin Roesch and is known as one of the best IDS around, even when compared with commercial products. Snort performs protocol analysis and content searching/matching, and is commonly used to passively detect or actively block a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes and OS fingerprinting attempts, amongst others. Like Wireshark, Snort uses the libpcap library to capture packets.

Snort can be run in 4 modes (the flags below are those of the Snort 2.x command line):

  1. sniffer mode: snort reads the network traffic and prints it to the screen (snort -v; add -d to dump application-layer data and -e to show link-layer headers).
  2. packet logger mode: snort records the network traffic to files on disk (snort -dev -l ./log).
  3. IDS mode: network traffic matching the security rules is recorded and alerted on (snort -dev -l ./log -c snort.conf; this is the mode used in our tutorial).
  4. IPS mode: also known as snort-inline (IPS = Intrusion Prevention System); snort sits in the traffic path and can drop packets instead of only alerting (snort -Q with an inline DAQ module such as afpacket or nfq on Snort 2.9+; older versions used the separate snort_inline patch).
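To make "traffic matching security rules" concrete, here is an added example that is not code from the Snort project or from this post: a matcher for a small subset of Snort's rule language. It parses the rule header (action, protocol, source/destination addresses and ports, direction) and the body options msg, content (including |hex| escapes), nocase and sid, then evaluates the rules against packets constructed inline, which is what Snort's IDS mode does on live traffic. The rules, addresses and packets are constructed for the example; real Snort supports many more options (pcre, flow, offset, depth, ...) that are out of scope here.

```python
"""Matcher for a small subset of Snort's rule language.

Added example, not code from the Snort project or from the post's author.
It shows what "IDS mode" means: every packet is checked against every rule,
and a packet that matches a rule's header and all of its content options
produces an alert.
"""
import ipaddress
import re

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<body>.*)\)\s*$"
)
# name[:value]; -- a quoted value may itself contain ';' and escaped quotes
OPTION_RE = re.compile(r'\s*([A-Za-z_]+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')


def decode_content(text):
    """'|FF|SMB|72|' -> b'\\xffSMBr': text outside pipes is literal, inside is hex."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def parse_rule(line):
    """Parse one rule line into a dict (header fields, msg, sid, list of contents)."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("unparseable rule: %r" % line)
    rule = m.groupdict()
    body = rule.pop("body")
    rule.update(msg=None, sid=None, contents=[])
    for name, value in OPTION_RE.findall(body):
        if value.startswith('"'):
            value = value[1:-1]
        if name == "msg":
            rule["msg"] = value
        elif name == "sid":
            rule["sid"] = int(value)
        elif name == "content":
            rule["contents"].append({"bytes": decode_content(value), "nocase": False})
        elif name == "nocase" and rule["contents"]:
            rule["contents"][-1]["nocase"] = True  # nocase modifies the preceding content
        # other options (rev, classtype, ...) are accepted and ignored in this subset
    return rule


def _port_ok(spec, port):
    if spec == "any":
        return True
    if ":" in spec:  # range: 80:90, 1024: (and above), :1023 (and below)
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def _addr_ok(spec, addr):
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)  # single host or CIDR
    return (ipaddress.ip_address(addr) in net) != negate


def matches(rule, pkt):
    """pkt: dict with proto, src, sport, dst, dport and payload (bytes)."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    forward = (_addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
               and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))
    reverse = rule["dir"] == "<>" and (
        _addr_ok(rule["src"], pkt["dst"]) and _port_ok(rule["sport"], pkt["dport"])
        and _addr_ok(rule["dst"], pkt["src"]) and _port_ok(rule["dport"], pkt["sport"]))
    if not (forward or reverse):
        return False
    for c in rule["contents"]:  # every content option must be found (AND semantics)
        hay, needle = pkt["payload"], c["bytes"]
        if c["nocase"]:
            hay, needle = hay.lower(), needle.lower()
        if needle not in hay:
            return False
    return True


def run_ids(rules, packets):
    """Return (sid, msg, flow) for every alert rule hit, i.e. the alert log."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule["action"] == "alert" and matches(rule, pkt):
                flow = "%s:%d -> %s:%d" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
                alerts.append((rule["sid"], rule["msg"], flow))
    return alerts


# Constructed rules (sids in the 1000000+ range reserved for local rules).
SAMPLE_RULES = [parse_rule(r) for r in [
    'alert tcp any any -> any 80 (msg:"WEB-MISC /etc/passwd access"; '
    'content:"/etc/passwd"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> 192.168.1.0/24 445 (msg:"SMB negotiate probe"; '
    'content:"|FF|SMB|72|"; sid:1000002; rev:1;)',
    'alert icmp any any -> any any (msg:"ICMP traffic"; sid:1000003; rev:1;)',
]]


def _pkt(proto, src, sport, dst, dport, payload=b""):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport, "payload": payload}


# Constructed packets: the first, second and fourth should alert, the others should not.
SMB_NEGOTIATE = b"\x00\x00\x00\x2f" + b"\xffSMBr" + b"\x00" * 4  # NetBIOS length + SMB header start
SAMPLE_PACKETS = [
    _pkt("tcp", "10.0.0.5", 40123, "10.0.0.80", 80, b"GET /cgi-bin/../../ETC/PASSWD HTTP/1.0\r\n\r\n"),
    _pkt("tcp", "10.0.0.5", 40124, "192.168.1.10", 445, SMB_NEGOTIATE),
    _pkt("tcp", "10.0.0.5", 40125, "10.0.0.80", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    _pkt("icmp", "10.0.0.5", 0, "10.0.0.80", 0),
    _pkt("tcp", "10.0.0.5", 40126, "172.16.0.9", 445, SMB_NEGOTIATE),  # outside the rule's dst net
]

if __name__ == "__main__":
    for sid, msg, flow in run_ids(SAMPLE_RULES, SAMPLE_PACKETS):
        print("[**] [1:%d:1] %s [**] %s" % (sid, msg, flow))
```

Two things worth noticing when you write your own rules: the first packet only matches because of nocase (the attacker upper-cased the path, a classic evasion against case-sensitive signatures), and the fifth packet carries exactly the same SMB bytes as the second but is not reported because the destination is outside the 192.168.1.0/24 the rule is scoped to, so header fields are as much a part of a signature as the content is.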

A lot of people in the very active Snort community share their rules, which is very useful if you are not a security expert and want up-to-date detection without writing it all yourself. Snort can be combined with other free software such as Sguil, OSSIM and the Basic Analysis and Security Engine (BASE) to get a visual view of the intrusion data; BASE is in fact a PHP web application that displays the alerts Snort has logged to a database. At the end of the day, Snort is a must-have for any security researcher or network paranoid out there. Other tools worth mentioning are OSSEC (a host-based IDS), Sguil (an analyst console for Snort alerts) and Fragrouter, which is not an IDS but an IDS-evasion toolkit you can use to test whether your Snort deployment sees fragmented attacks.

You can download Snort from the project site (snort.org).


Posted by XERO. ALL RIGHTS RESERVED.

2 comments:

  1. Hello Rishabh, I am very well aware of Snort, but since Snort is open source, can you help guide me in HOW TO COMPILE SNORT and make our own snort.exe by making certain changes?
