
SNORT

SNORT. An Open Source Network Intrusion Prevention and Detection System (NIPS and NIDS). History of Snort: originally released in 1998 by Martin Roesch. It was designed as a “lightweight” technology. Roesch’s goal was to make a “Category Killer”.

ossie

Presentation Transcript


  1. SNORT An Open Source Network Intrusion Prevention and Detection System. (NIPS and NIDS)

  2. History of Snort • Originally released in 1998 by Martin Roesch • It was designed as a “lightweight” technology • Roesch’s goal was to make a “Category Killer” • Roesch found inspiration in The Cathedral and the Bazaar • Snort evolved from “lightweight” to being very robust over time. • It is now the most widely deployed NIPS of all time.

  3. What it means to be Open Source • Free! • Is often worked on by both professional developers and enthusiasts, which leads to more frequent release cycles and more secure code. • Sourcefire • “We don’t sell Intrusion Detection, we sell everything else.”

  4. Main Features – 2.9.4.1 • Snort is rule-based software. • They offer both Community Rules and VRT-certified rules. • There is also the ability to create user-defined rules. • It runs in 3 main modes: Sniffer mode, Packet Logger mode, and Network Intrusion Detection System mode.
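To make the rule-based design on this slide concrete, here is an added example (not part of the presentation and not Snort's own code) that parses a constructed user-defined rule in the Snort header/options format and checks a constructed packet against it; the $HOME_NET value, the sid and the content string are assumed for the demonstration.

```python
import ipaddress
import re

# Constructed user-defined rule in local.rules style. The sid is in the
# 1000000+ range reserved for local rules; msg and content are invented.
LOCAL_RULE = ('alert tcp any any -> $HOME_NET 80 '
              '(msg:"Local web probe"; content:"/etc/passwd"; sid:1000001; rev:1;)')

# Rule header: action proto src sport direction dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$')
# Option body is key:value; pairs; a quoted value may itself contain ';'
OPTION_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;')

def parse_rule(text):
    """Split one single-line Snort rule into header fields plus an options dict."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a well-formed single-line Snort rule")
    rule = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    rule["options"] = {k: v.strip().strip('"') for k, v in OPTION_RE.findall(m.group("opts"))}
    return rule

def _ip_ok(field, ip, variables):
    """'any', a $VARIABLE resolved from variables, or a host/CIDR; no negation or lists."""
    field = variables.get(field, field)
    return field == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(field, strict=False)

def _port_ok(field, port):
    return field == "any" or int(field) == port

def rule_matches(rule, pkt, variables):
    """Stateless check of a packet dict against a parsed rule. Only plain-text
    content is matched; Snort's |hex| escapes, flow state and reassembly are not modelled."""
    if rule["proto"] != pkt["proto"]:
        return False
    def one_way(s, sp, d, dp):
        return (_ip_ok(rule["src"], s, variables) and _port_ok(rule["sport"], sp)
                and _ip_ok(rule["dst"], d, variables) and _port_ok(rule["dport"], dp))
    hit = one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if rule["dir"] == "<>":  # bidirectional rules match either orientation
        hit = hit or one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    content = rule["options"].get("content")
    return hit and (content is None or content.encode() in pkt["payload"])
```

Calling rule_matches(parse_rule(LOCAL_RULE), pkt, {"$HOME_NET": "192.168.1.0/24"}) with a TCP packet to 192.168.1.10:80 whose payload contains /etc/passwd returns True, and False once the destination falls outside $HOME_NET or the content is absent.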

  5. Protection from what? • DoS attacks • Buffer overflows • P2P attacks • Worms • Trojans • Backdoor attacks • Spyware • Invalid headers • Blended threats • Rate-based attacks • Zero-day threats • Port scans • VoIP attacks • IPv6 attacks • Statistical anomalies • Protocol anomalies • Application anomalies • Malformed traffic • TCP segmentation and IP fragmentation. Success Stories: Conficker, Netsky, Nachi, Blaster, Sasser, Zotob and many more

  6. Pros and Cons
  Pros • Open Source • Customizable • Incredibly fast binaries • Lots of choices • Well documented • Cross platform
  Cons • Without Sourcefire (paid) there is no tech support • XML must be parsed to be utilized • Complicated binaries (code… more of an issue for developers) • Not a real con, but it is not Cisco, and some people just really like Cisco

  7. Location • Download at: http://www.snort.org/snort-downloads • The source code is saved as a *.tar.gz, so Windows users will need 7-Zip to extract it. • They have offices worldwide, but their primary location is in Columbia, Maryland. Worldwide Headquarters: 9770 Patuxent Woods Drive, Columbia, MD 21046, United States. Phone: 800.917.4134 | +1 410.290.1616 Fax: 410.290.0024

  8. Sources/Other Information/Questions • http://www.snort.org/ • http://www.sourcefire.com • http://www.infoworld.com/t/business/nothing-snort-070 • http://www.catb.org/esr/writings/homesteading/ • http://en.wikipedia.org/wiki/Snort_(software)
