snort on SWiK

http://creativecommons.org/licenses/by-sa/2.5/ snort on SWiK http://swik.net/snort snort <p>Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.</p> <h3>Features</h3> <ul> <li>Content searching and matching</li> <li>Protocol analysis</li> <li>Common attack and probe detection</li> </ul> <h3>Frontends</h3> <p>Snort is simply a network monitor, it doesn’t provide a sophisticated <span class="caps">GUI</span> through which to see and respond to security events. Several 3rd party open source projects fulfill this purpose however:</p> <ul> <li><a class="wikilink" href="http://swik.net/SnortSnarf">SnortSnarf</a></li> <li><a class="wikilink" href="http://swik.net/sguil">sguil</a></li> <li><a class="wikilink" href="http://swik.net/BASE"><span class="caps">BASE</span></a></li> </ul> <h3>External Links</h3> <ul> <li><a rel="nofollow" href="http://securityfocus.com/infocus/1421">Installing and configuring snort</a></li> <li><a rel="nofollow" href="http://packetstormsecurity.nl/papers/IDS/snort_rules.htm">Writing Snort Rules</a></li> </ul> Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Features Content searching and matching Protocol analysis Common attack and probe detection Frontends Snort is simply a network monitor, it doesn’t provide a sophisticated GUI through which to see and respond to security events. Several 3rd party open source projects fulfill this purpose however: SnortSnarf sguil BASE http://swik.net/snort snort Security linux network tools ids sourcefire License:GPL Thu, 16 Jun 2005 10:01:58 -0700 Thu, 22 Jun 2006 17:41:31 -0700 Intrusion Detection using BASE and Snort - Debian Wiki http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Intrusion+Detection+using+BASE+and+Snort+-+Debian+Wiki/chdoz Sat, 11 Oct 2008 10:28:55 -0700 Complete Snort-based IDS Architecture, Part One http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Complete+Snort-based+IDS+Architecture%2C+Part+One/chdoy Sat, 11 Oct 2008 10:28:55 -0700 Snort as a NIDS on a home Debian system http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Snort+as+a+NIDS+on+a+home+Debian+system/chdox Sat, 11 Oct 2008 10:28:54 -0700 SIPVicious: Detecting SIP attacks with Snort http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/SIPVicious%3A+Detecting+SIP+attacks+with+Snort/chdow Sat, 11 Oct 2008 10:28:54 -0700 How to test Snort http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/How+to+test+Snort/chc78 Sat, 11 Oct 2008 06:29:42 -0700 Simple SOHO IDS with Snort & a DIY Network TAP http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Simple+SOHO+IDS+with+Snort+%26+a+DIY+Network+TAP/chbkt Fri, 10 Oct 2008 14:04:32 -0700 Snort - the de facto standard for intrusion detection/prevention http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Snort+-+the+de+facto+standard+for+intrusion+detection%2Fprevention/chbks Snort - the de facto standard for intrusion detection/prevention Fri, 10 Oct 2008 14:04:31 -0700 Emerging Threats - Rule Downloads http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Emerging+Threats+-+Rule+Downloads/chaaz Fri, 10 Oct 2008 07:06:14 -0700 Intrusion Prevention and Detection Systems : IPS : IDS | Sourcefire http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Intrusion+Prevention+and+Detection+Systems+%3A+IPS+%3A+IDS+%7C+Sourcefire/cg9yw Fri, 10 Oct 2008 05:07:53 -0700 SCADA IDS Signatures - SCADApedia http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/SCADA+IDS+Signatures+-+SCADApedia/cg7ky Thu, 09 Oct 2008 17:58:14 -0700 PacketProtector.org: security solution for wireless routers http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/PacketProtector.org%3A+security+solution+for+wireless+routers/cg7ku Thu, 09 Oct 2008 17:58:14 -0700 Evading NIDS, revisited http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Evading+NIDS%2C+revisited/cg7ks Thu, 09 Oct 2008 17:58:14 -0700 Snort - the de facto standard for intrusion detection/prevention http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Snort+-+the+de+facto+standard+for+intrusion+detection%2Fprevention/cg7kp SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry. Thu, 09 Oct 2008 17:58:14 -0700 SourceForge.net: HenWen http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/SourceForge.net%3A+HenWen/cg7km HenWen is a network security package for Mac OS X that makes it easy to configure and run Snort, a free Network Intrusion Detection System. HenWen's goal is to simplify setting up and maintaining software that scans the network for undesirable traffic. Thu, 09 Oct 2008 17:58:13 -0700 Perfect Setup Of Snort + Base + PostgreSQL On Ubuntu 6.06 LTS | HowtoForge - Linux Howtos and Tutorials http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Perfect+Setup+Of+Snort+%2B+Base+%2B+PostgreSQL+On+Ubuntu+6.06+LTS+%7C+HowtoForge+-+Linux+Howtos+and+Tutorials/cg033 Tue, 07 Oct 2008 06:48:18 -0700 Activeworx.org - Security Tools - Snort IDS Software http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Activeworx.org+-+Security+Tools+-+Snort+IDS+Software/cgzub Mon, 06 Oct 2008 23:52:31 -0700 Mis recetas favoritas con Linux y Python: Snort: configuración básica para la detección de intrusos http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Mis+recetas+favoritas+con+Linux+y+Python%3A+Snort%3A+configuraci%C3%B3n+b%C3%A1sica+para+la+detecci%C3%B3n+de+intrusos/cgyle Mon, 06 Oct 2008 14:43:40 -0700 SourceForge.net: Barnyard http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/SourceForge.net%3A+Barnyard/cgwrc Mon, 06 Oct 2008 05:43:31 -0700 Oinkmaster http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Oinkmaster/cgwrb Mon, 06 Oct 2008 05:43:31 -0700 http://rackerhacker.com/2007/05/27/install-snort-and-base-on-freebsd/ http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/http%3A%2F%2Frackerhacker.com%2F2007%2F05%2F27%2Finstall-snort-and-base-on-freebsd%2F/cgwra Mon, 06 Oct 2008 05:43:31 -0700 Real-Time Alerting with Snort - The Community's Center for Security http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Real-Time+Alerting+with+Snort+-+The+Community%27s+Center+for+Security/cgv8g Mon, 06 Oct 2008 02:51:35 -0700 FreeBSD Snort-Inline http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/FreeBSD+Snort-Inline/cgv0k Mon, 06 Oct 2008 01:35:22 -0700 CipherDyne Security http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/CipherDyne+Security/cgtw8 Sun, 05 Oct 2008 09:41:02 -0700 The Snort-ids Archives http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/The+Snort-ids+Archives/cgslu Sat, 04 Oct 2008 19:58:57 -0700 SNORT Brasil - Como funciona http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/SNORT+Brasil+-+Como+funciona/cgslt Sat, 04 Oct 2008 19:58:51 -0700 The ICSI Networking Group Blog: Bro's Signature Engine http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/The+ICSI+Networking+Group+Blog%3A+Bro%27s+Signature+Engine/cgseq Sat, 04 Oct 2008 17:54:10 -0700 When {Puffy} Meets ^RedDevil^: Emerging Bro http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/When+%7BPuffy%7D+Meets+%5ERedDevil%5E%3A+Emerging+Bro/cgsep Sat, 04 Oct 2008 17:54:10 -0700 GuTi.my Network Security — Trapped inside the World of Network Security http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/GuTi.my+Network+Security+%E2%80%94+Trapped+inside+the+World+of+Network+Security/cgseo Sat, 04 Oct 2008 17:54:10 -0700 Security - The Global Perspective http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Security+-+The+Global+Perspective/cgsen Sat, 04 Oct 2008 17:54:10 -0700 Eating Security http://swik.net/snort/del.icio.us%2Ftag%2Fsnort/Eating+Security/cgsem Sat, 04 Oct 2008 17:54:10 -0700