SNORT
An Open Source Network Intrusion Prevention and Detection System
(NIPS and NIDS)
History of Snort
• Originally released in 1998 by Martin Roesch
• It was designed as a “lightweight” technology
• Roesch’s goal was to make a “Category Killer”
• Roesch found inspiration in The Cathedral and the Bazaar
• Snort evolved from “lightweight” to being very robust over time.
• It is now the most widely deployed NIPS of all time.
What it means to be Open Source
• Free!
• Is often worked on by both professional developers and enthusiasts, which leads to more frequent release cycles and more secure code.
• SOURCEfire
• “We don’t sell Intrusion Detection, we sell
everything else.”
Main Features – 2.9.4.1
• Snort is rule-based software.
• They offer both Community Rules and VRT certified rules.
• There is also the ability to create User Defined Rules.
• Utilizes 3 main modes: Sniffer Mode, Packet Logger Mode, and Network Intrusion Detection System Mode.
Protection from what?
• DoS attacks
• Buffer overflows
• P2P attacks
• Worms
• Trojans
• Backdoor attacks
• Spyware
• Invalid headers
• Blended threats
• Rate-based attacks
• Zero-day threats
• Port scans
• VoIP attacks
• IPv6 attacks
• Statistical anomalies
• Protocol anomalies
• Application anomalies
• Malformed traffic
• TCP segmentation and IP fragmentation
Success Stories:
Conficker, Netsky, Nachi, Blaster, Sasser, Zotob and many more
Pros and Cons
Pros
• Open Source
• Customizable
• Incredibly fast binaries
• Lots of choices
• Well documented
• Cross platform
Cons
• Without Sourcefire (paid) there is no tech support
• XML must be parsed to be utilized
• Complicated binaries (code… more of an issue for developers)
• Not a real con, but it is not Cisco, and some people just really like Cisco
Location
• Download at: http://www.snort.org/snortdownloads
• The source code is saved as a *.tar.gz, so Windows users will need 7-Zip to extract it.
• They have offices worldwide, but their primary location is in Columbia, Maryland.
Worldwide Headquarters
9770 Patuxent Woods Drive
Columbia, MD 21046, United States
Phone: 800.917.4134 | +1 4102901616
Fax: 410.290.0024
Sources/Other Information/Questions
• http://www.snort.org/
• http://www.sourcefire.com
• http://www.infoworld.com/t/business/nothing-snort070
• http://www.catb.org/esr/writings/homesteading/
• http://en.wikipedia.org/wiki/Snort_(software)