In 1998, Martin Roesch wrote Snort, an open source intrusion detection system, in C. Today Snort has grown into a powerful network intrusion detection/prevention system (NIDS/NIPS) with multi-platform support, real-time traffic analysis and network IP packet logging. Snort is released under the GNU General Public License (GPL); it can be downloaded for free from the Internet and installed and running within a few minutes. Snort is built on libpcap.
Snort has three operating modes: sniffer, packet logger and network intrusion detection system. Sniffer mode simply reads packets off the network and displays them as a continuous stream on the terminal. Packet logger mode records the packets to disk. Network intrusion detection mode is the most complex and is configurable: Snort analyzes the network traffic against a set of user-defined rules and takes an action according to what it detects.
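As an added illustration of the rule matching described above (example code written for this page, not Snort's own implementation), a minimal Python matcher for the Snort 2 rule header syntax (action, protocol, source/destination with CIDR and "!" negation, port ranges, direction) and its key:value options; the rule and packet tuples are constructed samples:

```python
import ipaddress
import re
# Simplified Snort 2 rule grammar handled here (added example, not Snort's own code):
#   <action> <proto> <src> <sport> -> <dst> <dport> (<key>[:<value>]; ...)
RULE_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")
FIELDS = ("action", "proto", "src", "sport", "direction", "dst", "dport")

def parse_rule(text):
    """Parse one rule line into a dict of header fields plus an 'options' dict."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule: " + text)
    rule = dict(zip(FIELDS, m.groups()[:7]))
    rule["options"] = {}
    for item in m.group(8).split(";"):       # e.g. msg:"..."; sid:1000001; rev:1;
        if item.strip():
            key, _, val = item.strip().partition(":")
            rule["options"][key.strip()] = val.strip().strip('"')
    return rule

def ip_match(spec, ip):
    """'any', a host or CIDR, optionally negated with a leading '!'."""
    if spec == "any":
        return True
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != spec.startswith("!")
def port_match(spec, port):
    """'any', one port, or a 'lo:hi' range where either end may be omitted."""
    if spec == "any":
        return True
    lo, sep, hi = spec.partition(":")
    if sep:
        return int(lo or 0) <= port <= int(hi or 65535)
    return port == int(spec)

def one_way(rule, sip, sp, dip, dp):
    return (ip_match(rule["src"], sip) and port_match(rule["sport"], sp)
            and ip_match(rule["dst"], dip) and port_match(rule["dport"], dp))
def match(rule, proto, sip, sp, dip, dp):
    """Return the rule action ('alert', 'log', 'pass', ...) if the 5-tuple matches, else None."""
    if rule["proto"] not in ("ip", proto):
        return None
    hit = one_way(rule, sip, sp, dip, dp)
    if not hit and rule["direction"] == "<>":      # bidirectional rules match either way
        hit = one_way(rule, dip, dp, sip, sp)
    return rule["action"] if hit else None
# Constructed sample rule (not from the page): alert on TCP/22 entering 10.0.0.0/8 from outside it
RULE = parse_rule('alert tcp !10.0.0.0/8 any -> 10.0.0.0/8 22 (msg:"inbound SSH"; sid:1000001; rev:1;)')
```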
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
Changelog:
2011-02-10 - Snort 2.9.0.4
[*] Improvements
* Added the Razorback "Snort as a Collector" (SaaC) dynamic preprocessor. This is for experimental use only! Enable it by compiling with --enable-rzb-saac.
* Fixed false positives in HTTP traffic, which were caused by large HTTP chunks split across two packets.
* Made several updates to the Snort manual and READMEs.
* Fixed a false positive on Stream5 rule 129:15, caused by a RST following a FIN.
Download links:
Source
snort-2.9.0.4.tar.gz
daq-0.5.tar.gz
Binaries
snort-postgresql-2.9.0.4-1.F13.i386.rpm
snort-mysql-2.9.0.4-1.F13.i386.rpm
snort-2.9.0.4-1.src.rpm
snort-2.9.0.4-1.F13.i386.rpm
daq-0.5-1.src.rpm
daq-0.5-1.i386.rpm
Snort_2_9_0_4_Installer.exe