Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Intrusion Detection
System
Introduction
Run-time switches:
-v verbose
• Sniffer
• Preprocessor
• Detection Engine
• Alert Logging
• Packet Sniffer
Taps into network
• Preprocessor
Checks against plug-ins
RPC plug-in
Port scanner plug-in
• Detection Engine
Snort is a signature-based IDS
Action to take
Type of packet
Source, destination IP address
And rule option