Abstract
Snort is an open source network intrusion detection system that runs on Linux and Windows. It works by first normalizing traffic with its preprocessors (fragment and stream reassembly, protocol decoding), then checking the normalized traffic against sets of rules. Community rules, registered rules, and commercial rules are available from http://www.snort.org; it is also possible to write custom rules. To avoid false positives, Snort needs to be tuned for its environment. Snort raises alerts when specific traffic is seen on the network; it can also detect port scans, ARP spoofing, and sensitive data such as credit card numbers or Social Security numbers.
Notes
1. Be sure to verify the MD5 sums!
2. Instructions on how to enable the EPEL repository are provided in the Notes and References section of Chapter 14.
3. The tree command shows files and directories in a tree structure; the -d flag restricts the output to directories only. It is not part of a typical Linux installation, but can be installed on, for example, Ubuntu with apt install tree.
4. OpenSuSE 15.0 was released in May 2018, and it follows OpenSuSE 42.3. This means that OpenSuSE major releases come in the following order: 12 ➤ 13 ➤ 42 ➤ 15. I am not sure why this is confusing to anyone.
5. By default, Snort uses a relative path (..\log\alert.ids) for its alert file; if that directory does not exist, Snort fails to start. This can also be avoided by giving an absolute path for the log directory on the command line: c:\>c:\Snort\bin\snort.exe -c c:\Snort\etc\snort.conf -l C:\Snort\log
6.
7.
8. A reasonable alternative is to store the configuration file in /etc/snort/snort.conf; however, this requires a change in snort.conf, which uses the relative path ../rules for the location of the rules.
9. What a sense of humor.
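The preprocessor-then-rules layout the abstract describes, together with the absolute rule and log paths that notes 5 and 8 recommend, as an added configuration example. This is not the book's or the Snort project's own configuration; the syntax is Snort 2.9, and the HOME_NET range, gateway MAC address, file paths and sid values are assumptions chosen for illustration.

```conf
# snort.conf fragment (Snort 2.9 syntax). Added illustration, not the book's
# configuration; the network range, MAC address and paths are assumed values.

# Tuning starts here: nearly every rule uses $HOME_NET/$EXTERNAL_NET, so an
# accurate HOME_NET is the single biggest false-positive reducer.
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET

# Absolute rule path, so snort.conf can live in /etc/snort without the
# stock relative ../rules entry breaking.
var RULE_PATH /etc/snort/rules

# Normalisation before detection: reassemble IP fragments and TCP streams so
# rules see whole payloads rather than evasion-friendly pieces.
preprocessor frag3_global
preprocessor frag3_engine: policy linux detect_anomalies
preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp no
preprocessor stream5_tcp: policy linux
preprocessor stream5_udp: timeout 180

# Anomaly detectors named in the abstract: port scans, ARP spoofing,
# sensitive data. sense_level low keeps scan alerts quiet on a busy LAN;
# arpspoof_detect_host pins the gateway IP to its known MAC (assumed values).
preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { low }
preprocessor arpspoof
preprocessor arpspoof_detect_host: 192.168.1.1 00:11:22:33:44:55
preprocessor sensitive_data: alert_threshold 25 mask_output

include $RULE_PATH/local.rules

# local.rules: custom signatures. Local sids start at 1000000 so they never
# collide with community or registered rule sids.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL /etc/passwd in HTTP request"; flow:to_server,established; content:"/etc/passwd"; nocase; classtype:web-application-attack; sid:1000001; rev:1;)

# Sensitive-data rules are evaluated by the preprocessor, so they carry gid:138.
# sd_pattern:<count>,<type> fires once <count> matches are seen; credit_card
# entries are Luhn-checked, us_social expects the dashed form, and mask_output
# above keeps the full numbers out of the alert log.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL credit card numbers leaving network"; sd_pattern:4,credit_card; gid:138; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL US SSNs leaving network"; sd_pattern:2,us_social; gid:138; sid:1000003; rev:1;)
```

Check the configuration with snort -T -c /etc/snort/snort.conf before going live; -T parses the configuration and every included rule file and exits, which catches a wrong RULE_PATH or a malformed rule without touching the network. A run such as snort -c /etc/snort/snort.conf -l /var/log/snort -A console -i eth0 then uses an absolute log directory, the same fix note 5 describes for the Windows relative path.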
© 2019 Mike O'Leary
O’Leary, M. (2019). Snort. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_19
DOI: https://doi.org/10.1007/978-1-4842-4294-0_19
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4293-3
Online ISBN: 978-1-4842-4294-0
eBook Packages: Professional and Applied Computing (R0), Apress Access Books