Snort (software)

From Wikipedia, the free encyclopedia

Snort

Original author(s)	Martin Roesch
Developer(s)	Sourcefire, Inc.
Stable release	2.8.5 / September 16, 2009
Operating system	Cross-platform
Type	Intrusion-detection system Intrusion prevention system
License	GNU General Public License
Website	www.snort.org

This article is written like a personal reflection or essay and may require cleanup. Please help improve it by rewriting it in an encyclopedic style. (September 2009)

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch and is now developed by Sourcefire, of which Roesch is the founder and CTO. Integrated enterprise versions with purpose built hardware and commercial support services are sold by Sourcefire.

Combining the benefits of signature, protocol and anomaly based inspection Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and over 225,000 registered users Snort has become the de facto standard for IPS.

Snort performs protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data.

[edit] External links

• Official website
• Sourcefire - The company that owns and maintains Snort.
• Emerging Threats - Community maintained Snort rule sets.
• Snort Inline, a modified version of Snort that will act as an Intrusion Prevention System (IPS).

Free user interfaces:

• Sguil - An open source Tcl/Tk interface for network security monitoring
• Basic Analysis and Security Engine - An open source based Snort DB web analysis tool, replaces ACID.
• Snorby - A new, open source front-end for Snort.

Commercial user interfaces:

• Sourcefire Intrusion Prevention System - Enterprise intrusion prevention at speeds of up to 10Gigabit from the makers of Snort
• CounterSnipe Network Knowledge based IPS - Enhanced snort based IPS by active profiling of networked hosts, applications and vulnerabilities.
• IDS Policy Manager - Snort Rules Management
• Aanval - Snort and Syslog analysis software (free version available)

Tools for use with Snort

• SnortUnified perl modules - Tools for easily processing Snort unified and unified2 log files
• EasyIDS - Free customized CentOS install cd containing Snort, Barnyard, BASE, ntop, and more.

v • d • e Sourcefire Key People John Burris, CEO  · Martin Roesch, CTO  · Tom McDonough, President/COO  · Todd Headley, CFO  · Douglas McNitt, General Council  · Tom Ashoff, VP of Engineering  · John Czupak, VP of Business Development  · John Negron, VP of Sales  · Lesley Pendergast, VP of Human Resources  · Chris Peterson, VP of Channel Sales Board of Directors Steven Polk, Chairman  · John Beckler, Independent  · Asheem Chandna, Independent  · Michael Cristinziano, Independent  · Tim Guleri, Independent  · John Burris, Sourcefire  · Martin Roesch, Sourcefire Products 3D System  · Defense Center  · 3D Sensor  · Intrusion Detection System  · Intrusion Prevention System  · RNA  · RUA  · Netflow Analysis  · Intrusion Agent  · VRT Certified Rules Open Source Products Snort  · ClamAV  · Daemonlogger  · OfficeCat Certifications and Training Sourcefire Security Education Program: SFCP  · SFCE  · SnortCP  · Rule Writing Best Practices  · Fundamentals of Exploit Development Philanthropy Snort Scholarship Annual Revenue: ▲US$75.7 Million (FY 2008) (up 35% from 2007)  · Employees: 291 (2009) · Stock Symbol: NASDAQ: FIRE · Website: www.Sourcefire.com