- 03202k.rules | Over 800 rules for the Snort IDS software. Last updated 3/25/2000. Homepage here.
- 05172K.rules | Snort's full and current rule set. Last updated 5/17/2000. Homepage here.
- 06082kbackdoor.rules | Updated Snort rules to detect backdoors, last updated 06/08/2000. Homepage: http://www.snort.org. By Jim Forster
- 06082kfalse.rules | False Snort rules, last updated 06/08/2000. Detects Yahoo pager data, AOL chat data, SNMP, SMB queries, etc. Homepage: http://www.snort.org. By Jim Forster
- 07062k.rules | Full set of updated Snort rules, last updated 07/06/2000. Changes: fix for quote problems causing false alerts and non-detection, lots more rules. Homepage: http://www.snort.org. By Jim Forster
- 07062kany.rules | Full set of updated Snort rules using 'any' instead of "$HOME_NET" variables. Last updated 07/06/2000. Changes: fix for quote problems causing false alerts and non-detection, lots more rules. Homepage: http://www.snort.org. By Jim Forster
- 5n0r7.c | 5n0r7 is a Snort alert file parser. It sorts the alerts based on source IP, destination IP, and frequency, so that attacks (portscans, probes, or whatever Snort is configured to alert on) can be spotted right away when displaying the sorted alert file. Homepage here. By Michel Kaempf
- address_config.sh | Sten Kalenda wrote this handy script for laptop users who change their IP address frequently. It automates the process of updating your Snort rules file.
- backdoor.rules | 300 Snort rules to detect Windows backdoors. Homepage here.
- dupl.pl | dupl.pl v0.4 is a Snort rules beautifier which removes duplicate rules from *-lib, vision.conf, and xxxx-rules files. Homepage: http://www.norz.org. By Zas
- Guardian.tar | Guardian watches the output from Snort, a lightweight intrusion detection system, and uses ipchains to deny any further packets from the attacker from reaching the system. Homepage here. By Anthony Stevens
- IDMEF-xml-plugin_0.1..> | Intrusion Detection Message Exchange Format (IDMEF) XML output plugin for Snort. Produces IDMEF messages in response to events triggering Snort rules. It is configured in a standard Snort configuration file and can run concurrently with existing Snort logging output. Homepage: http://www.silicondefense.com/idwg/snort-idmef. By Joe McAlerney
- idscenter.zip | IDScenter, a panel for SNORT-Win32, is a tool for managing, controlling, and monitoring the Snort IDS. IDScenter supports alarm sound functions and has error checking procedures. If Snort is killed, IDScenter restarts Snort immediately. Homepage: http://www.eclipse.fr.fm/snort.htm.
- pgsql.php3 | This is a PHP script which queries the database (PostgreSQL) and generates some statistics from the data. For more info see the snortdb page. Homepage: http://xanadu.incident.org. By Yen-Ming Chen
- ruleset-retrieve.c | Ruleset-retrieve obtains the newest Snort IDS ruleset from www.snort.org or whitehats.com and inserts your IP address into the appropriate areas. Homepage: http://www.technotronic.com. By Vacuum
- snort-0.96.tar.gz | Snort is a libpcap-based sniffer/packet logger. It's fairly portable and tested on Solaris 2.5.1 (Sparc), Solaris 2.6 (x86), Linux, and FreeBSD. By Martin Roesch.
- snort-0.97.tar.gz | Snort v0.97 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS and debugging network code. By Martin Roesch.
- snort-0.98.tar.gz | Snort v0.98 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS and debugging network code. It now supports rules-based logging and tracks conversations better. By Martin Roesch.
- snort-0.99.tar.gz | Snort v0.99 - packet logger - This program reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS and debugging network code. It now supports rules-based logging and tracks conversations better, and incorporates content-based logging and automatic rule sorting. 66k. By Martin Roesch.
- snort-0.99b1.tar.gz | Snort v0.99b1 is a packet logger that reads and parses packets from the link layer through the transport layer, dumping explicit header information along the way. Good logging capabilities, useful for IDS and debugging network code. It now supports rules-based logging and tracks conversations better, incorporates content-based logging and automatic rule sorting, includes lots of bugfixes, and has improved ICMP filenames. By Martin Roesch.
- snort-0.99b2.tar.gz | Snort v0.99b2 is an extremely versatile packet logger. This version features dramatic speed improvements, a more logically laid out packet header printout, packet statistics, fragment detection, and more complete IP header decoding. One of the few "5 Star, Must Have!" programs around. By Martin Roesch.
- snort-0.99b3.tar.gz | See descriptions above. Improved timestamping (down to the millisecond) implemented in this version.
- snort-0.99rc3.tar.gz | Snort v0.99rc3 is an extremely versatile packet logger. This version features dramatic speed improvements, a more logically laid out packet header printout, packet statistics, fragment detection, and more complete IP header decoding. Improved timestamping (down to the millisecond) implemented. This release has TCP and IP option decoding, and some new rules features. You can now specify port ranges (or greater than/less than) and TCP flags in rules. This allows you to do things like this: alert tcp any any -> 192.168.1.0/24 :1024 {SF} <SYN FIN scan on priv ports!> which will alert on all TCP traffic below port 1024 on both SRC and DST IP, or this: alert tcp any any -> 192.168.1.0/24 6000:6010 <X access attempt!> which will pick out inbound traffic going to ports 6000 through 6010. Also includes bugfixes, cleaned up fragment printout routines, truncated packet fragments get dumped in their own file, rules processor routine recoded and more flexible, and much more. Several important bugfixes in this release, plus recoded IP/TCP option decoding, revised packet printout routines, and illegal TCP and IP options are now logged as well in an IP_BOGUS log file. By Martin Roesch.
- snort-0.99rc5-lib | snort-0.99rc5-lib is a set of example Snort rules. It's a short one, about 43 rules total, but it gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a new buffer overflow rule (named) and some other stuff. By Martin Roesch.
- snort-0.99rc5.tar.gz | Snort v0.99rc5 is an extremely versatile packet logger. This version features dramatic speed improvements, due to improved Boyer-Moore pattern match routine optimizations, a more logically laid out packet header printout, packet statistics, fragment detection, more complete IP header decoding, a new command line switch ("-e") to display/log the Ethernet header, plus TOS field and IP Fragment ID field display/logging. Improved timestamping (down to the millisecond) implemented. This release also has TCP and IP option decoding, and lots of new rules. You can now specify port ranges (or greater than/less than) and TCP flags in rules. This allows you to do things like this: alert tcp any any -> 192.168.1.0/24 :1024 {SF} <SYN FIN scan on priv ports!> which will alert on all TCP traffic below port 1024 on both SRC and DST IP, or this: alert tcp any any -> 192.168.1.0/24 6000:6010 <X access attempt!> which will pick out inbound traffic going to ports 6000 through 6010. Also includes bugfixes, cleaned up fragment printout routines, truncated packet fragments get dumped in their own file, rules processor routine recoded and more flexible, and much more. Several important bugfixes in this release, plus recoded IP/TCP option decoding, revised packet printout routines, and illegal TCP and IP options are now logged as well in an IP_BOGUS log file. By Martin Roesch.
- snort-0.99rc6-lib | snort-0.99rc6-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff. By Martin Roesch.
- snort-0.99rc6.tar.gz | Snort v0.99rc6 is an extremely versatile packet logger. This version of Snort has a new rule set implementation. The new set is more flexible and, from a programmatic standpoint, makes it easier to add new user-requested rule types. It also includes new rule types to detect TTL values and ICMP types/codes. Rc6 also has a completely rewritten, unified reporting system, so the output is consistent across all output file types (logs/alerts/fragments/etc). By Martin Roesch.
- snort-1.0-lib | snort-1.0-lib is a set of example Snort rules. It's short, but gives a good overview of the basic rule types and how to use the pattern matcher properly. This version of snort-lib includes a lot of new stuff. By Martin Roesch.
- snort-1.0.1-lib | This snort-lib ruleset for the latest version of Snort has over 150 rules. By Martin Roesch.
- snort-1.0.1.tar.gz | Snort 1.0.1 - Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging which can perform content searching/matching and may be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog or a separate "alert" file. Changes: lots of little bug fixes, plus resolved some issues on big endian hardware, fixed some bugs under Solaris to make the system compile cleanly "out of the box". Also added HP-UX and S/Linux support, a new command line switch "-x" to explicitly turn on IPX decoding (such as it is) as a sanity measure for people in mixed protocol environments, and added packet summary statistics upon exit. By Martin Roesch.
- snort-1.0.tar.gz | Snort is a libpcap-based packet sniffer/logger. It reads and decodes packets from the link layer through the application layer, dumping the decoded packet data. It can log these packets in their decoded form to directories which are generated based upon the IP address of the remote computer. This allows it to be used as a sort of "poor man's intrusion detection system" if you specify what traffic you want to record and what to let pass. Changes: added RAW/PPP and SLIP decoding, a new command line option to change the order in which the rules are applied for the rules-based logging subsystem, and a new option to send the alert messages to syslog. By Martin Roesch.
- snort-1.3.1.tar.gz | Version 1.3.1 of Snort, the lightweight network intrusion detection system. Version 1.3.1 fixes an annoying crash bug, plus enhances a number of features of the program. Invalid ICMP types/codes can now be filtered or monitored, the tcpdump file playback facility can use BPF filters, and the packet payload size check keyword now accepts greater than/less than modifiers. By Martin Roesch
- snort-1.3.tar.gz | Snort 1.3, the lightweight network intrusion detection system. This version has a number of new features, including four new command line switches, three new rule options, two new rule operators, performance enhancements, and bug fixes. The official Snort homepage is here.
- snort-1.5.1.tar.gz | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: fixed a problem with pass rules not being applied properly, fixed Slackware 4 install problem, fixed banner output for the -V option, added packet buffer cleanup code to all protocol decoders, and added a Snort man page. Homepage here. By Martin Roesch
- snort-1.5.2.tar.gz | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: added typedef checks to configure.in because Sun thought it'd be fun to define the u_int*_t variables in Solaris differently than the rest of the universe. Homepage here. By Martin Roesch
- snort-1.5.tar.gz | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: detection and preprocessor plugins (think packet sniffing API), rule file variables and includes, preprocessors, TCP session logging, new detection capabilities (IP options, multiple content strings per rule), new protocol decoders (I4L-ISDN, NULL), a new http preprocessor that normalizes web traffic, defeating evasive web scanners like whisker.pl, faster and more accurate IP and TCP option decoders, etc. Homepage here. By Martin Roesch
- snort-1.6-0.i386.rpm | Snort 1.6.0 i386 binary rpm. Homepage here. By Martin Roesch
- snort-1.6-0.src.rpm | Snort 1.6.0 source rpm. Homepage here. By Martin Roesch
- snort-1.6-beta10.1.t..> | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: logging was broken in this morning's Snort release, snort-1.6-beta10. Homepage here. By Martin Roesch
- snort-1.6-beta10.tar..> | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: modified the minfrag preprocessor to only catch tiny frags, added the -C command line switch to print packet payloads as ASCII only, bug/crash fixes. Homepage here. By Martin Roesch
- snort-1.6-beta8.tar...> | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: This is a *BETA* release. Bleeding edge users only! Added many patches, added an IPv6 counter, added content-list rules, fixed the portscan preprocessor, added time-based logfile naming, streamlined the "fast" alert printout function, new quiet mode, many bugfixes. Homepage here. By Martin Roesch
- snort-1.6-win32-stat..> | Snort 1.6 ported to Windows - This is a working port of Snort to Windows NT/2000/9x (includes source and binaries). Changes include interface names, filenames, and syslog changes. Homepage: http://www.datanerds.net/~mike. By Michael Davis
- snort-1.6.1.tar.gz | Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Changes: This release is mostly a bug fix with a few minor feature additions for runtime security. New features include an IP defragmentation plugin, new output plugins covering all old logging and alerting options, updated portscan detection functionality, a new -O IP address obfuscation switch, and a new -t chroot switch. Requires libpcap. Homepage: http://www.snort.org. By Martin Roesch
- snort-1.6.2.2-win32-..> | Snort 1.6.2.2 ported to Windows - This is a working port of Snort to Windows NT/2000/9x. Changes include interface names, filenames, and syslog changes. Source available here. Homepage: http://www.datanerds.net/~mike. By Michael Davis
- snort-1.6.2.2.tar.gz | Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Changes: minor tweaks to the configuration script to normalize building across all Linux platforms. There is also a fix to the SMB alerting code so that it follows the same code formatting as the rest of the alerting modules in the program. Requires libpcap. Snort Howto here. Homepage: http://www.snort.org. By Martin Roesch
- snort-1.6.2.tar.gz | Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Changes: compilation fixes for Linux and Tru64, fixed minor problems with running under Linux. Requires libpcap. Homepage: http://www.snort.org. By Martin Roesch
- snort-1.6.3-patch2.t..> | Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Changes: Patch2 - very minor fixes. Requires libpcap. Snort Howto here. Homepage: http://www.snort.org. By Martin Roesch
- snort-1.6.3.tar.gz | Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Changes: This version has been well tested and contains many fixes. It now compiles on more platforms and can locate libpcap more accurately, fixes ICMP ping packet id/sequence printouts, updates the portscan detector, and more. Requires libpcap. Snort Howto here. Homepage: http://www.snort.org. By Martin Roesch
- snort-1.6.tar.gz | Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or as WinPopup messages via Samba's smbclient. Changes: added the FlexResp (active response) plugin to fool OS fingerprinting, added support for "stealthed" network interfaces, greatly improved the speed of the content pattern matcher, Token Ring and FDDI decoder support, Snort ported to Tru64/Alpha, IRIX 6.X, and AIX, output plugins added (modular output system), and the Snort man page now ships with the distribution. Homepage here. By Martin Roesch
- snort-1.7.tar.gz | Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Includes real-time alerting, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages via smbclient. Changes: New stable release! Features dynamic rules (rules that can turn on other rules), a Statistical Anomaly Detection preprocessor, a TCP stream reassembly preprocessor, an XML output plugin, an Oracle DB plugin, an improved IP defragmentation preprocessor, an HTTP decode preprocessor that can now detect IIS/UNICODE attacks, four new detection plugins (react, reference, fragbits, tos), a rules language that now supports IP address lists and user-configurable action types, and updated documentation. Homepage: http://www.snort.org. By Martin Roesch
- snort.panel.zip | Snort Panel is a front-end control panel for the win32 port of Snort. It allows you to set command-line options via dialog box settings and it monitors the alerts file for new alerts. Homepage: http://www.xato.net/downloads.
- snort2html | Snort2HTML v1.0 converts Snort Intrusion Detection System logs into nicely-formatted HTML. Homepage here. By Daniel Swan
- snort2html15.txt | Snort2HTML v1.5 converts Snort Intrusion Detection System logs into nicely-formatted HTML. Changes: parsing for ICMP alerts, optimized code, input/output files can now be specified on the command line, and more. Homepage here. By Daniel Swan
- snorticus-1.0.tar.gz | Snorticus is a collection of shell scripts designed to allow easy management of Snort sensors. It allows you to routinely collect Snort sensor data, analyze the data via SnortSnarf, and easily maintain rule files. Homepage: http://snorticus.baysoft.net/. By Paul Ritchey
- snortlog.pl | snortlog.pl is a Perl script which looks up the hostnames of machines mentioned in a Snort IDS alert and outputs the relevant information in a nice list. By Angelos Karageorgiou
- snortpres2.ppt | PowerPoint presentation on Snort - Lightweight Intrusion Detection for Networks. Homepage here. By Martin Roesch
- snortrt_stat.pl | Sorry, a description is unavailable.
- SnortSnarf-062000.1...> | SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. The model is that one is using a cron job or similar to produce a daily/hourly/whatever file of Snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts. Homepage: http://www.silicondefense.com/snortsnarf. By Stuart Staniford
- SnortSnarf-090700.1...> | Sorry, a description is unavailable.
- SnortSnarf-100400.1...> | SnortSnarf is a Perl program to take files of alerts from the free Snort Intrusion Detection System, and produce HTML output intended for diagnostic inspection and tracking down problems. It uses a cron job to produce a daily/hourly/whatever file of Snort alerts. This script can be run on each such file to produce a convenient HTML breakout of all the alerts. Changes: new CGI script to show an updated list of alerts as text, added www.snort.org port lookup links, improved wrapping on some browsers, and bug fixes. Homepage: http://www.silicondefense.com/snortsnarf. By Stuart Staniford
- snortstart | Snortstart v0.17 is a bash script which acts as a wrapper for starting Snort; it aims to install, start and stop Snort in a chroot jail under an unprivileged user and group. Homepage: http://www.norz.org/software/snortstart.html. By Zas
- snort_rules.txt | Writing Snort Rules (Updated for Snort 1.6) - How to write Snort rules for intrusion detection and keep your sanity. Homepage here. By Martin Roesch
- snort_stat.pl | snort_stat.pl v1.12 (Nov 2000) does statistical analysis on Snort logfiles. It is set up to process the syslog alerts that Snort creates and generate a bunch of relevant statistics about the current alerts. If you read the beginning of the script, it tells you how to activate the program as a cron job to provide daily reports of activity recorded by Snort. By Yen-Ming Chen
- Spade-092200.1.tar.g..> | Spade stands for Statistical Packet Anomaly Detection Engine. It is a Snort preprocessor plugin to report and score unusual, possibly suspicious, packets. The anomaly score that is assigned is based on the observed history of the network: the fewer times that a particular kind of packet has occurred in the past, the higher its anomaly score will be. Based on the SPICE Whitepaper. Homepage: http://www.silicondefense.com/spice. By Jim Hoagland, Stuart Staniford
- spp_portscan-0.2.9.c | spp_portscan.c - Snort Portscan Preprocessor logs port scans through Snort. Homepage here.
- vision.conf | Snort rules from the arachNIDS IDS signature database. Last updated 1/25/2000. Homepage here. By Max Vision