Snort
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
downloads - http://www.snort.org/dl/
docs - http://www.snort.org/docs/
Bookmark This Post:
shane said,
August 17, 2006 @ 11:05 am
Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the snort source from Bleedingsnort, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE, in the network layer 3 and 4, is possible with historical observation.