Introduction

Introduction

In the last chapter we taught you how to
detect the subtle and insidious acts of the typical script kiddie once she
gains access to an account on your computer. In this chapter we will present a
tool that can help you stop the barbarian at the gate.

Here we present a brief introduction to
Snort, a self-described "lightweight intrusion-detection system." Snort
is a kind of a supersniffer. It is a sniffer that can use rules to select out
packets seen on a network interface and take selective action based on those
rules. In this chapter we will present the basics of writing Snort rules, a
discussion of the "standard" rulesets and why you may wish to use
them, and a few observations on how Snort might fit into the security scheme of
various installations.

This chapter presumes that you have a fairly
extensive knowledge of the TCP/IP suite of internetworking protocols. If you do
not, I would refer you to a basic text on the subject, such as Douglas E.
Comer's excellent Internetworking with TCP/IP, Volume
1: Principles, Protocols, and Architecture.

You, as the reader, shouldn't have to care
about my problems as the author, but this tool (and this chapter) is one of
those that has us walking that tightrope between being too light to be useful
and too heavy to be understood. Bear in mind that the overall goal throughout
this book is to show you some of the exciting things you can do with Free
Software. We are not writing documentation or tutorials. That said, we do aim
to make the information we present in each chapter practical and useful. If I
fail here, it is certainly not for want of trying.