Snort is a well-known open-source network intrusion detection and prevention system and, by its own account, the most widely deployed technology of its kind worldwide. It combines several detection methods: rule (signature) based detection, anomaly based detection, and heuristic inspection of network traffic. Its rule language is open and the rules themselves are publicly available. Snort 2.9.1 has now been released; the main changes are as follows:
    * Protocol aware reassembly support for HTTP and DCE/RPC preprocessors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
    * SIP preprocessor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new preprocessor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
    * POP3 & IMAP preprocessors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP preprocessor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
    * Support for reading large pcap files.
    * Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
    * IP Reputation preprocessor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This preprocessor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.
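The POP3, IMAP and SMTP items above matter because a content rule only sees what is on the wire: an attachment that is Base64, Quoted-Printable or uuencoded carries none of its plaintext bytes, so a signature that would match the decoded file never matches the raw TCP payload. The following Python is an added illustration of that decoding step, not Snort code or any part of the 2.9.1 release; the attachment bytes and the `evil-macro-payload` signature are constructed for the example, and the "encode every octet as =XX" Quoted-Printable variant shows that a sender, not the inspector, chooses how much of the data stays literal.

```python
"""Transfer-decode e-mail attachments before signature matching.

Added example (not Snort's own code). It shows why an IDS has to undo
Base64, Quoted-Printable and uuencode before rule matching: the same
signature is found in the decoded body and missed in the wire bytes.
"""
import base64
import binascii
import quopri

# Constructed sample attachment and a made-up signature string; neither is
# a real Snort rule or real malware.
ATTACHMENT = (b"MZ\x90\x00\x03\x00" + b"\x00" * 10
              + b"evil-macro-payload" + b"\xff\xfe trailing bytes\n")
SIGNATURE = b"evil-macro-payload"


def _qp_encode_all(data: bytes) -> bytes:
    """Quoted-Printable with every octet written as =XX.

    RFC 2045 permits this for any octet, so a sender can keep any literal
    string off the wire while still producing valid QP. Lines are kept
    under 76 characters with '=' soft line breaks, which decoders drop.
    """
    lines, cur = [], b""
    for octet in data:
        hexpair = b"=%02X" % octet
        if len(cur) + len(hexpair) > 73:      # leave room for the soft break
            lines.append(cur + b"=")
            cur = b""
        cur += hexpair
    lines.append(cur)
    return b"\r\n".join(lines)


def _uuencode(data: bytes) -> bytes:
    """Classic uuencode framing: begin line, 45-byte data lines, '`', end."""
    lines = [b"begin 644 attachment.bin"]
    for i in range(0, len(data), 45):
        lines.append(binascii.b2a_uu(data[i:i + 45]).rstrip(b"\n"))
    lines += [b"`", b"end"]
    return b"\n".join(lines) + b"\n"


def _uudecode(wire: bytes) -> bytes:
    """Decode uuencoded text: skip to 'begin', stop at 'end'."""
    out = bytearray()
    in_body = False
    for line in wire.splitlines():
        if not in_body:
            in_body = line.startswith(b"begin ")
            continue
        if line == b"end":
            break
        if line:                                # a2b_uu misreads empty lines
            out += binascii.a2b_uu(line)
    return bytes(out)


def encode_attachment(data: bytes, encoding: str) -> bytes:
    """Bytes that appear on the wire for a given Content-Transfer-Encoding."""
    if encoding == "base64":
        return base64.encodebytes(data)
    if encoding == "quoted-printable":
        return _qp_encode_all(data)
    if encoding == "x-uuencode":
        return _uuencode(data)
    raise ValueError(f"unsupported encoding {encoding!r}")


def decode_attachment(wire: bytes, encoding: str) -> bytes:
    """Undo the transfer encoding, as a preprocessor must before matching.

    7bit/8bit/binary carry the data literally and pass through unchanged.
    """
    enc = encoding.lower()
    if enc == "base64":
        return base64.b64decode(wire)          # newlines are ignored
    if enc == "quoted-printable":
        return quopri.decodestring(wire)       # handles =XX and =\r\n
    if enc == "x-uuencode":
        return _uudecode(wire)
    return wire


def evasion_report(data: bytes, sig: bytes) -> dict:
    """Per encoding: (signature found in raw wire bytes, found after decoding)."""
    report = {}
    for enc in ("base64", "quoted-printable", "x-uuencode"):
        wire = encode_attachment(data, enc)
        report[enc] = (sig in wire, sig in decode_attachment(wire, enc))
    return report


if __name__ == "__main__":
    for enc, (raw_hit, decoded_hit) in evasion_report(ATTACHMENT, SIGNATURE).items():
        print(f"{enc:17s} raw-match={str(raw_hit):5s} decoded-match={decoded_hit}")
```

Running it shows `raw-match=False decoded-match=True` for all three encodings. The raw check is what a plain `content:` match on TCP payload sees; the decoded check is what the 2.9.1 mail preprocessors make available to rules. Note that Snort's decoding is bounded by configured buffer sizes (see README.pop, README.imap and README.SMTP), so very large attachments can still be only partially inspected.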
Download: http://www.snort.org/snort-downloads