SNORT - 9/29/2011 Snort Wm. Arthur Conklin, PhD Assistant...

9/29/2011

1  Snort
Wm. Arthur Conklin, PhD
Assistant Professor
Department of Information & Logistics Technology
College of Technology

“Snort is designed to, uh, snort (sniff) your network looking for patterns of known attacks and warn you. It has a very large database of more than 500 attack signatures and this database is kept up-to-date. It is an intrusion detection system (IDS), not a firewall. This means that it will detect problems but will not block them. An IDS assumes that someone will receive the warning and manually resolve the problem.”
3  Agenda
o Background
o Where to find it
o Deployment
o Options
o Compiling
o Installing

4  Background
o First major release was 0.96 on Dec 22, 1998
o Written by Marty Roesch
o libpcap-based lightweight IDS
o Open source and free to the general public
o Has been used by DoD, industry, academia, etc…
o Sourcefire even offers a commercially supported version
o Snort (open source) ruleset access ended – rulesets now require a subscription for 30 days
5  Background
o Can do both sniffing and packet capturing (session logging)
o Rule set is open to modification by the user
o Runs on a wide variety of platforms, from Linux to Win32 to Mac OS X to anything else you can compile it on
o Has the potential to be the most widely deployed and implemented IDS

6  Background
o Mainly a DIY-type application, but there is a large user community
o Lots of discussion forums, mailing lists, etc… that can provide assistance
o Documentation is decent, but maintained for free, so you get what you pay for
o Best to have a strong UNIX background if you plan to run Snort full time
7  Where to find it
o Best place to find it is www.snort.org in the download section
o Source is available as a tarball
o Can get RPMs (pre-compiled) for many Linux versions
o Can get binary and source code for Win32 versions
o Compiles fairly easily on Linux and Solaris; other OSes may take more work

8  Where to find it
o Commercial version: Sourcefire
o Can get appliance-based
o Different models depending on line speed (3 Mbps to Gig)
  » Pricing from ~ $4K up
This note was uploaded on 10/21/2011 for the course CIS 3351 taught by Professor Conklin during the Spring '11 term at University of Houston.
