patrick@gentoo.org Patrick Lauer Maintainer jason.r.wallace@gmail.com Jason Wallace Proxy maintainer. CC him on bugs netmon@gentoo.org Gentoo network monitoring and analysis project proxy-maint@gentoo.org Proxy Maintainers Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS. snort-team@sourcefire.com Snort Team http://www.snort.org/snort-downloads http://www.snort.org/docs http://www.snort.org/snort-downloads/submit-a-bug/ Enables Snort's control socket. Enable ability to dynamically load preprocessors, detection engine, and rules library. This is required if you want to use shared object (SO) snort rules. Enables extended file inspection capabilities. Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headders. Only needed if you are monitoring GRE tunnels. Enables high-availability state sharing. Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection. Enable accurate statistics reporting through /proc on systems with multipule processors. Enables support for processing and inspecting Multiprotocol Label Switching MPLS network network traffic. Only needed if you are monitoring an MPLS network. Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc. Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor. Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments. Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections. Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems) Enables Snort's the side channel. Enables Sourcefire specific build options, which include --enable-perfprofiling and --enable-ppm. Enables support in snort for using a host attibute XML file (attribute_table.dtd). This file needs to be created by the user and should define the IP address, operating system, and services for all hosts on the monitored network. This is cumbersome, but can improve intrusion detection accuracy. Enables support for completely restarting snort if an error is detected durring a reload. Enables HTTP inspection of compressed web traffic. Requires dynamicplugin be enabled. Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments. Enables support for normalizing packets in inline deployments to help minimize the chances of detection evasion. Enables support for new flexable response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2. Enables support for Protocol Aware Flushing. This allows Snort to statefully scan a stream and reassemble a complete protocol data unit regardless of segmentation. Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!