Abstract
Snort is an open-source network intrusion detection system that runs on Linux and Windows. It works by first normalizing traffic with its preprocessors, then checking that traffic against sets of rules. Community, registered, and commercial rule sets are available from http://www.snort.org; it is also possible to write custom rules. To avoid false positives, Snort must be tuned for its environment. Snort raises alerts when specific traffic is seen on the network; it can also detect port scans, ARP spoofing, and sensitive data such as credit card numbers or social security numbers.
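As an added illustration of the custom rules and tuning the abstract refers to (this is example configuration written for this page, not the chapter's own text), the fragments below show, for Snort 2.x, a custom rule in local.rules, a sensitive-data rule that uses the sensitive_data preprocessor to flag credit card numbers leaving the network, the snort.conf lines that wire both in, and a threshold.conf entry that rate-limits and suppresses the rule for one known scanner. The sid values, the 192.168.1.0/24 network and the 192.168.1.50 scanner address are assumptions chosen for the example.

```snort
# --- local.rules (assumed file; pulled in by the include line in snort.conf below) ---
# Custom rule: alert when a host outside HOME_NET requests a path under /admin over HTTP.
# Local rules use sid >= 1000000 so they never collide with community or registered rule IDs.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"LOCAL admin path requested from outside"; flow:to_server,established; content:"GET"; http_method; content:"/admin"; http_uri; nocase; classtype:web-application-activity; sid:1000001; rev:1;)

# Sensitive-data rule: fire when two or more credit card numbers leave HOME_NET in one session.
# sd_pattern rules must carry gid:138 and need the sensitive_data preprocessor enabled;
# the preprocessor, not a plain regex, does the Luhn check, which is what keeps false positives down.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL credit card numbers leaving network"; gid:138; sd_pattern:2,credit_card; sid:1000002; rev:1;)

# --- snort.conf additions (assumed values; HOME_NET must match the monitored network or every rule is mistuned) ---
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
preprocessor sensitive_data: alert_threshold 25
include $RULE_PATH/local.rules
include threshold.conf

# --- threshold.conf (tuning for this environment) ---
# event_filter: at most one alert per source per 60 seconds for sid 1000001, so a crawler
# hitting /admin repeatedly produces one event instead of hundreds.
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60
# suppress: the assumed in-house vulnerability scanner at 192.168.1.50 legitimately probes
# /admin on every scheduled scan, so its hits on this rule are silenced rather than triaged.
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.168.1.50
```

Before running on live traffic, validate the edited configuration with snort -T -c snort.conf, which parses the configuration and rules, reports any syntax error, and exits; a rule that fails to parse otherwise stops Snort from starting at all. Suppressions should name the narrowest source possible: suppressing a whole rule rather than one scanner address trades a false positive for a blind spot.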
Notes
1. The direct download link is https://github.com/dugsong/libdnet/releases/tag/libdnet-1.12 .
2. By default, Snort uses a relative path (..\log\alert.ids) to store alerts; if the ..\log directory does not exist, Snort fails to start. This can also be avoided by specifying an absolute path for the log directory with -l, for example by running c:\>c:\Snort\bin\snort.exe -c c:\Snort\etc\snort.conf -l C:\Snort\log.
3. A reasonable alternative is to store the configuration file in /etc/snort/snort.conf; however, this requires a change in snort.conf, which uses the relative path ../rules for the location of the rules.
4. What a sense of humor.
5. Where is he, anyway?
Copyright information
© 2015 Mike O'Leary
About this chapter
Cite this chapter
O’Leary, M. (2015). Snort. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-0457-3_16
DOI: https://doi.org/10.1007/978-1-4842-0457-3_16
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-0458-0
Online ISBN: 978-1-4842-0457-3
eBook Packages: Professional and Applied Computing; Apress Access Books; Professional and Applied Computing (R0)