Detect intruders on your network with Snort
Tuesday, April 8th, 2008

Snort is a Network Intrusion Detection System (NIDS), which can view and analyze packets on a network to determine whether or not a system is being attacked remotely. Most Linux distributions come with Snort, so it’s simply a matter of installing Snort via urpmi, apt-get, or yum. If you’re like me and run a distro where Snort is not in the repos, you can grab the source here. Snort can write its collected information to a variety of destinations for later analysis, be it flat files or a database such as PostgreSQL or MySQL.
Snort can also be used as a simple packet logger, a sniffer, or a full-blown NIDS.