Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
| Tags | Networking Monitoring |
|---|---|
| Licenses | GPL |
| Operating Systems | Windows POSIX BSD FreeBSD NetBSD OpenBSD HP-UX IRIX Linux Solaris |
| Implementation | C |
Recent releases


Changes: This release adds a revised DCE/RPC preprocessor with more rule options (there will be a number of updates to the rules; be sure to update your rules when that package is available in the next few days), support for IPv6 in Frag3 and all application preprocessors, improved target-based support in preprocessors, an option to automatically pre-filter traffic that is not inspected in order to improve performance, and several other improvements and fixes.


Changes: A problem was fixed with the target-based/attribute table and false positives for rules that don't have service metadata. The target-based/attribute table's compatibility with older versions of bison was fixed, and it no longer exits when exceeding the configured limit on attribute table reload. Stream5 was updated to better handle out-of-sequence server responses that contain data when not doing server-side reassembly. Configurable limits were added on the amount of data queued for a single connection.


Changes: Many changes, fixes, and features have been engineered since then.


Changes: This release includes a number of new features, fixes, and performance enhancements, including the Frag3 preprocessor, a target-based IP defragmentation module, and an "ftpbounce" rule detection plugin.


Changes: A remote root vulnerability in the RPC fragment normalization code was fixed along with some other bugs, and some new options were added.