snort - An open source Network Intrusion Detection System (NIDS)
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! There are 5 different packages available. All of them require the base snort rpm (this one). Additionally, you may need to chose a different binary to install if you want database support. If you install a different binary package /usr/sbin/snort should end up being a symlink to a binary in one of the following configurations: plain Snort (this package, required) Please see the documentation in /usr/share/doc/snort-18.104.22.168 for more information on snort features and configuration.
|snort-22.214.171.124-1.1.fc15.i686 [5.8 MiB]||
by Lawrence R. Rogers (2013-04-18):
- Release 126.96.36.199-1 * src/build.h: updating build number to 73 * doc/README.counts, doc/snort_manual.pdf, doc/snort_manual.tex, src/decode.c, src/parser.c, src/snort.h: Added config tunnel_verdicts and tunnel bypass for whitelist and blacklist verdicts for 6in4 or 4in6 encapsulated traffic. * src/preprocessors/spp_frag3.c: Don't update IP options length and count in frag3 after allocating option buffer when receiving duplicate 0 offset fragments with IP options.
|snort-188.8.131.52-1.fc15.i386 [3.2 MiB]||
by Steve Sturges (2008-04-02):
- Added --enable-targetbased --enable-decoder-preprocessor-rules by default.