We also note that Snort can be installed on Windows systems. Though this machine is being designed primarily as a sensor, it is possible to install Snort on machines dedicated to other tasks. In these notes, we will install the current version of Snort on our CentOS 6.2 x64 machines.

In our laboratory class environment, note that VMware internally uses what is essentially a hub for network traffic; thus a virtual machine running Snort will see all of the traffic directed to or from either the host or any of the guests running on that physical host. Snort generates alerts only for traffic that it collects, so when deploying a Snort sensor it is important to know what traffic it will see.

A sequence of malicious traffic that does not match any existing signature will not generate an alert (false negative), while perfectly legitimate traffic may match a signature and be flagged as malicious (false positive).

It can generate alerts when it sees traffic patterns that match its list of signatures. Snort is an open source intrusion detection system available for most major platforms.