Snort

摘要

First introduced around 1998 by Martin Roesch, this tool is considered the most venerable open source security tool in the world. We cannot imagine a network implementation without at least one Snort sensor. Snort is easy to deploy, has a ton of possible options, and benefits from a huge number of rules developed by an equally huge number of open source developers. (Besides supporting Snort itself, the Snort community provides the core rule sets for some commercial IDS/IPS products.) As well, Snort can act as a sniffer, returning everything it sees with detailed packet decodes or it can be configured just to present alerts from its rule sets.