netmon

patrick@gentoo.org Patrick Lauer Maintainer
jason.r.wallace@gmail.com Jason Wallace Proxy maintainer. CC him on bugs

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.

snort-team@sourcefire.com Snort Team
http://www.snort.org/snort-downloads
http://www.snort.org/docs
http://www.snort.org/snort-downloads/submit-a-bug/

Adds support for monitoring wireless traffic using an Aruba Mobility Controller.
Adds support to provide action control (alert, drop, pass, etc.) over preprocessor and decoder generated events.
Enables the ability to dynamically load preprocessors, detection engine, and rules library. This is required if you want to use shared object (SO) snort rules.
(DEPRECATED) Original method for enabling connection tearing for inline deployments. Replaced with flexresp3 in Snort-2.9.0.
(DEPRECATED) Replaced flexresp for enabling connection tearing for inline deployments. Replaced with flexresp3 in Snort-2.9.0.
Enables support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
(DEPRECATED) Enables support for deploying snort inline. Uses net-firewall/iptables, via libipq, rather than net-libs/libpcap. Replaced by DAQ in Snort-2.9.0.
Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
Enables accurate statistics reporting through /proc on systems with multiple processors.
Enables support for processing and inspecting Multiprotocol Label Switching (MPLS) network traffic. Only needed if you are monitoring an MPLS network.
Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
Enables support in snort for using a host attribute XML file (attribute_table.dtd). This file needs to be created by the user and should define the IP address, operating system, and services for all hosts on the monitored network. This is cumbersome, but can improve intrusion detection accuracy.
(DEPRECATED) Enables support for printing packet stats on a per hour and per protocol breakdown. Deprecated in Snort-2.9.0.
Enables support for reloading a configuration without restarting snort.
Enables support for completely restarting snort if an error is detected during a reload.
Enables HTTP inspection of compressed web traffic. Requires dynamicplugin be enabled.
Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
Enables support for normalizing packets in inline deployments to help minimize the chances of detection evasion.
Enables support for the new flexible response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
Enables support for Protocol Aware Flushing. This allows Snort to statefully scan a stream and reassemble a complete protocol data unit regardless of segmentation.
Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64-bit SYSTEMS!