|author||Alan_Hicks <email@example.com>||2010-05-11 15:01:35 +0200|
|committer||Robby Workman <firstname.lastname@example.org>||2010-05-11 15:01:35 +0200|
network/snort: Initial import
Diffstat (limited to 'network/snort/README')
1 files changed, 42 insertions, 0 deletions
diff --git a/network/snort/README b/network/snort/README
new file mode 100644
@@ -0,0 +1,42 @@
+Snort is an open source network intrusion detection and prevention system. It
+is capable of performing real-time traffic analysis, alerting, blocking and
+packet logging on IP networks. It utilizes a combination of protocol analysis
+and pattern matchingin order to detect a anomalies, misuse and attacks.
+Snort uses a flexible rules language to describe activity that can be considered
+malicious or anomalous as well as an analysis engine that incorporates a modular
+plugin architecture. Snort is capable of detecting and responding in real-time,
+sending alerts, performing session sniping, logging packets, or dropping
+sessions/packets when deployed in-line.
+Snort has three primary functional modes. It can be used as a packet sniffer
+like tcpdump(1), a packet logger (useful for network traffic debugging, etc),
+or as a full blown network intrusion detection and prevention system.
+Please read the snort_manual.pdf file that should be included with this
+distribution for full documentation on the program as well as a guide to
+This package builds a very basic snort implimentation useful for monitoring
+traffic as an IDS or packet logger and as a sort of improved tcpdump (which
+is what I use it for). MySQL support is included, so you should have little
+trouble hooking snort up to a database or ACID. For more information on
+these, check out snort's homepage at:
+snort.org has a nasty habit of changing the location of their source
+code, which means there's no garauntee that the link in snort.info is
+correct. If you can't get that link to work, look for the source code at:
+Please note that this build script disables dynamic plugins. This can be
+easily added by deleting the following line in the script.
+ --disable-dynamicplugin \
+This will put the headers and source for dynamic plugins into /usr/src/snort.
+There is no rc.snort script included with this script at this time, but you
+should have little trouble creating one of your own. Please e-mail me with
+any questions or comments. -- Alan Hicks <email@example.com>