Is there an alternative to snort ?? Why not its bro:
Snort is the industry standard, it is open source, but it is a signature based system and some of the signatures are not free. Bro is another software that does the same thing but in a completely different
way. It is more of an anomaly detector as opposed to a packet signature matcher. It therefore looks for events and bro comes pre built with 1000s of scripts in its own programming language.It can also understand netflow and it has several pluggable modules.It can be made to log packet decodes as well as execute functions thereby making it an intrusion prevention software as well.
way. It is more of an anomaly detector as opposed to a packet signature matcher. It therefore looks for events and bro comes pre built with 1000s of scripts in its own programming language.It can also understand netflow and it has several pluggable modules.It can be made to log packet decodes as well as execute functions thereby making it an intrusion prevention software as well.
Bro is the
only other real open source network intrusion detection system supported by a significant community
of users. Vern Paxson of the University of California at Berkeley is the lead developer. Bro is
considered a specification-based network IDS.
Bro uses a variety of protocol analysis modules to inspect traffic and make judgments regarding its
conformance to various norms. It is actually a very powerful complement to Snort. Here is a good article.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.