How does Snort's flavor of intrusion detection work?

Snort is a network-centric product. As an intrusion detection system, it can inspect traffic inline or offline, and act passively or actively.

    Requires Free Membership to View

Snort mostly relies on a "known bad" or "suspected bad" approach, observing traffic for patterns that correspond to malicious or suspicious activity. When Snort detects such activity, it can alert (passive mode) or block (active mode). The first is an IDS; the second an IPS.

This was first published in January 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: