IPS
Snort can also be used with libipq instead of libpcap to rewrite iptables rules as needed to divert malicious packets. Snort Inline used to be a separate project, but is now included as part of Snort. Obviously you have to be careful not to lock yourself out, and moreover, […]
IDS
Snort’s primary use is as a Network-based Intrusion Detection System. An IDS monitors network traffic and will generally work in one of the following ways:
Signature detection - where it inspects packets and compares them to a list of known attack signatures. Because signature detection systems check against an existing list of attack signatures, […]
IDS & IPS with Snort
Intrusion detection and intrusion prevention have been popular topics in computer security, and many of those conversations probably involve Snort at some point or another. Snort is a highly configurable security application that can work as either a host-based or network-based IDS or IPS. The key difference between an […]