Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger, or a full network intrusion prevention system.
- Protocol analysis and content searching/matching
- Uses a flexible rules language to describe traffic that it should collect or pass
- Detection engine that utilizes a modular plug-in architecture
- Real-time alerting capability
- Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more
Snort 2.9.3.0 has been released!
Snort 2.9.3.0 is now available on snort.org, at http://www.snort.org/snort-downloads/in the Latest Release section.
[*] New additions
* Update to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.
* Dynamic output plugin architecture to provide an API that developers can write their own output mechanisms to log alert and packet data from Snort.
* Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. SeeREADME.dcerpc2 and the Snort manual for details.
* Updates to reputation preprocessor for handling of whitlelist and trustlists and zone information. SeeREADME.reputation and the Snort manual for details.
[*] Improvements
* Updates to http_inspect client PAF handling and server flow_depth handling.
* Logging updates to the smtp preprocessor.
* Added detailed documentation of unified2 logging configuration and logging.
* Removed --enable-decoder-preprocessor-rules configure option and hardened preprocessor and decoder rule event code. To enable old behavior such that specific preprocessor and decoder rules don't have to be explicitly added to snort.conf, add "config autogenerate_preprocessor_decoder_rules" to your snort.conf.
* Fixed SMTP mempool allocation for significant memory savings. Also tweaked memory required per stream5 session tracker.
* Force exact versioning match of running dynamic engine and dynamic engine used to build SO rules.
* User can now query reputation pp for routing table and management information.
* Update to return error messages through the control channel.
* Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.
* Improvements in HTTP Inspect for better performance with gzip decompression. Also improvements for handling simple responses, encoded query strings, transfer encoding and chunk encoding processing.
* Updates to the packet decoders to support pflog v4.
* Fix logging of multiple unified2 alerts with reassembled packets.
* Compiler warning cleanup across multiple platforms.
* Added 116:458 and 116:459 to cover fragmentation issues.
[*] Deletions
* Removed all database outputs.
Please see the Release Notes and ChangeLog for more details.
Snort Downloads
We strongly recommend that you keep pace with the latest production release. Snort is evolving all the time and to stay current with latest detection capabilities you should always have both your Snort engine and ruleset up to date.
Visit website -
http://www.snort.org/
Documentation -
http://www.snort.org/docs
For more information -
http://screenshots.portforward.com/SnapGear/SG565/Intrusion_Detection_Snort.htm
Testing Snort with Windows Sp2The snort2pfsense shell script (snort to pfSense)Making snort a Service in Server 2008Snort Config files
If you are using RHEL5, CentOS 5.5, or Fedora Core 11, please click here.
The Snort Engine is distributed both as source code and binaries for popular Linux distributions and Windows. It’s important to note that the The Snort Engine and Snort Rules are distributed separately.
- » Latest Release
- » PGP Information
- » Download from the command line
- » Snort Add-Ons and Other Cool Projects
We strongly recommend that you keep pace with the latest production release. Snort is evolving all the time and to stay current with latest detection capabilities you should always have both your Snort engine and ruleset up to date.
Name | Modified | Size | Status |
Totals: 9 Items | 17.9 MB | ||
2012-07-19 | 4.9 MB | i  | |
2012-07-19 | 472.2 kB | i  | |
2012-07-19 | 4.9 MB | i | |
2012-07-19 | 2.2 MB | i | |
2012-07-19 | 455.6 kB | i | |
2012-07-19 | 2.1 MB | i | |
2012-07-19 | 148.1 kB | i | |
2012-07-19 | 2.5 MB | i  | |
2012-07-19 | 147.3 kB | i | |
PGP Information
Snort releases 2.9.0 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort releases 2.8.3 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort Official DocumentationTrust Chain: This new key can be verified with this signature, signed by our previous key.
The official documentation produced by the Snort team at Sourcefire
| Title | Author |
|---|---|
Snort Users Manual | Snort Team |
| Snort FAQ | Snort Team |
| The Snort Manual (HTML) | Snort Team |
Snort Setup Guides
The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author. Authors who want comments and feedback may be emailed by clicking on their names below.
If you have a document you’d like to contribute to the Snort community contact at snort-team@sourcefire.com.
Snort Deployment Guides
The following deployment guides have been contributed by members of the Snort Community for your use. If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.
| Title | Author |
|---|---|
| Comparison of Popular Snort GUIs | James Lay |
Snort Related Whitepapers
The following Whitepapers have been written by Sourcefire employees and may help with your Snort deployment. For further information on these papers, please email snort-team@sourcefire.com
| Title | Author |
|---|---|
| VRT Methodology Whitepaper | Sourcefire Vulnerability Research Team (VRT) |
| Improving your Custom Snort Rules | Leon Ward |
| Inline Normalization using Snort 2.9.0 | Russ Combs |
| Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules | Steven Sturges |
| HTTP Evasions Revisited | Daniel Roelker |
| Target Based Fragmentation Reassembly | Judy Novak |
| Target Based Stream Reassembly | Judy Novak |
Visit website -
http://www.snort.org/
Documentation -
http://www.snort.org/docs
For more information -
http://screenshots.portforward.com/SnapGear/SG565/Intrusion_Detection_Snort.htm
Testing Snort with Windows Sp2The snort2pfsense shell script (snort to pfSense)Making snort a Service in Server 2008Snort Config files
Post a Comment