Does Snort support target-based intrusion detection?

Learn what target-based intrusion detection techniques are, and whether Snort uses them.

About the author
Richard Bejtlich is director of incident response at General Electric Company in Manassas, Va. and blogs at and Listen to the rest of Richard's answers on Snort by downloading our Snort podcast.

Target-based intrusion detection is a process by which the detection engine customizes its behavior based on the characteristics of the target of an attack. For example, it does not make sense for an IDS to treat an Apache Web server on FreeBSD 7.0 the same as an IIS Web server on Windows Server 2003 when an intruder attacks it. Ideally the IDS would understand the differences in the two computers' network stacks and other features affecting detection choices. Snort indeed supports various forms of target-based intrusion detection techniques, and the tool is a leader in this respect.
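
A small model of why the target's network stack matters to the sensor, added here as an illustration and not taken from the original answer or from Snort's code. It assumes two simplified overlap policies ("first" and "last"), a constructed host inventory, and constructed fragments, and shows that the same traffic reassembles differently per target, so a sensor using one policy for every host reaches the wrong verdict for some of them.

```python
# Added illustration: simplified overlap policies, not Snort's implementation.
# "first": bytes that arrived first win an overlap; "last": newest bytes win.
POLICIES = ("first", "last")

# Constructed inventory: overlap policy the sensor assumes for each target.
HOST_POLICY = {"192.0.2.10": "first", "192.0.2.20": "last"}

# Constructed traffic: (offset, data) in arrival order; the second fragment
# overlaps bytes 5-10 of the first.
FRAGMENTS = [(0, b"GET /XXXXXX HTTP"), (5, b"MARKER")]
SIGNATURE = b"MARKER"


def reassemble(fragments, policy):
    """Rebuild the payload the way a host with this overlap policy would."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if sorted(buf) != list(range(len(buf))):
        raise ValueError("incomplete datagram: gap between fragments")
    return bytes(buf[i] for i in range(len(buf)))


def inspect_for_target(dst_ip, fragments, signature, default="first"):
    """Target-based check: reassemble with the destination's own policy."""
    policy = HOST_POLICY.get(dst_ip, default)
    payload = reassemble(fragments, policy)
    return policy, payload, signature in payload


def blind_spots(fragments, signature, fixed_policy):
    """Hosts where a one-policy-for-all sensor disagrees with the target view."""
    fixed_verdict = signature in reassemble(fragments, fixed_policy)
    return sorted(
        ip for ip in HOST_POLICY
        if inspect_for_target(ip, fragments, signature)[2] != fixed_verdict
    )


if __name__ == "__main__":
    for ip in HOST_POLICY:
        print(ip, inspect_for_target(ip, FRAGMENTS, SIGNATURE))
    print("fixed 'first' sensor disagrees on:", blind_spots(FRAGMENTS, SIGNATURE, "first"))
```
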

This was last published in January 2008
