Snort

Chapter in: Cyber Operations

Abstract

Snort is an open source network intrusion detection system that can be installed on Linux and Windows. It functions by first normalizing traffic, then checking the traffic against sets of rules. There are community rules, registered rules, and commercial rules for Snort available from http://www.snort.org ; it is also possible to write custom rules. To avoid false positives, Snort needs to be tuned for its environment. Snort can raise alerts when specific traffic is seen on the network; it can also detect port scans, ARP spoofing, and sensitive data like credit card numbers or social security numbers.
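As an added example (not code from the chapter), the following Python parses Snort 2's one-line alert_fast output and counts alerts per signature, which is the first thing to look at when tuning a sensor to reduce false positives; the alert lines are constructed samples, and SID 1000001 is a placeholder for a local custom rule.

```python
import re
from collections import Counter

# One line of Snort 2 "alert_fast" output (assumption: -A fast format).
# Classification is optional (portscan alerts omit it); protocol may be "PROTO:255".
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s*"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample alerts, not captured from a real sensor.
SAMPLE_ALERTS = """\
01/15-10:02:11.123456  [**] [1:1000001:1] LOCAL credit card number seen [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51000
01/15-10:02:12.223456  [**] [1:1000001:1] LOCAL credit card number seen [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51001
01/15-10:03:40.000001  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 10.0.0.7 -> 10.0.0.5
01/15-10:04:01.000002  [**] [1:1000001:1] LOCAL credit card number seen [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 10.0.0.9:51002
"""

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast alert."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    return fields

def summarize(text):
    """Count alerts per (gid, sid, msg), most frequent first."""
    counts = Counter()
    for line in text.splitlines():
        alert = parse_alert(line)
        if alert:
            counts[(alert["gid"], alert["sid"], alert["msg"])] += 1
    return counts.most_common()

def noisy_signatures(text, threshold):
    """(gid, sid) pairs firing at least `threshold` times: candidates for review,
    e.g. adding a threshold/suppress entry or narrowing the rule's content match."""
    return [(gid, sid) for (gid, sid, _), n in summarize(text) if n >= threshold]

if __name__ == "__main__":
    for (gid, sid, msg), n in summarize(SAMPLE_ALERTS):
        print(f"{n:4d}  [{gid}:{sid}] {msg}")
```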

Notes

  1. Be sure to verify the MD5 sums!

  2. Instructions on how to enable the EPEL repository are provided in the Notes and References section of Chapter 14.

  3. The tree command is used to show files and directories in a tree structure. The -d flag restricts the output to directories only. This is not part of a typical Linux installation, but can be installed on, for example, Ubuntu with apt install tree.

  4. OpenSuSE 15.0 was released in May 2018, and it follows after OpenSuSE 42.3. This means that OpenSuSE major releases come in the following order: 12 13 42 15. I am not sure why this is confusing to anyone.

  5. By default, Snort uses a relative directory (..\log\alert.ids) to store any alerts; if this directory does not exist, Snort fails to start. This can also be avoided by specifying the absolute path for the log file, by running c:\>c:\Snort\bin\snort.exe -c c:\Snort\etc\snort.conf -l C:\Snort\log

  6. https://tools.ietf.org/html/rfc7232 , https://developer.mozilla.org/en-US/docs/Web/HTTP/Conditional_requests

  7. https://httpd.apache.org/docs/2.4/mod/mod_deflate.html , https://httpd.apache.org/docs/2.2/mod/mod_deflate.html

  8. A reasonable alternative is to store the configuration file in /etc/snort/snort.conf; however, this requires a change in snort.conf, which uses the relative path ../rules for the location of the rules.

  9. What a sense of humor.

Copyright information

© 2019 Mike O'Leary

About this chapter

Cite this chapter

O’Leary, M. (2019). Snort. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_19
