Snort

Snort is based on libpcap (for library packet capture), a tool that is widely used in TCP/IP traffic sniffers and analyzers. Through protocol analysis and content searching and matching, Snort detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate 'alerts' file, or to a pop-up window.

NSS Group, a European network security testing organization, tested Snort along with intrusion detection system (IDS) products from 15 major vendors including Cisco, Computer Associates, and Symantec. According to NSS, Snort, which was the sole open source freeware product tested, clearly out-performed the proprietary products.

Read more about Snort: - Snort.org provides more information and downloads. - SearchSecurity.com features a Snort Technical Guide with answers to FAQs. - Mike Chapple explains the 'top-down' IPS sensor search. - Mike Rothman explains 'Best practices for purchasing a network intrusion device.' - David Jacobs discusses intrusion prevention management packages.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Avoid security risks of Free Public WiFi wireless ad hocs The SSID "Free Public WiFi" is usually a spoofed access point used by attackers to launch man-in-the-middle attacks and steal personally identifiable... Examining Conficker: When a worm becomes a botnet Conficker may be backed by a well funded group or government intending to silently collect information. Though the hype has waned, Conficker could... Stolen FTP credentials likely in latest website attacks The latest website attack techniques use stolen user credentials instead of website vulnerabilities to crack websites and spread malware.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary intrusion detection  (SearchMidmarketSecurity.com) Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from...