Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Snort Setup Guides
Snort 3 Multiple Packet Threads Processing
Yaser Mansour
Rules Writers Guide to Snort 3 Rules
Yaser Mansour
Snort 3 on Ubuntu 14, 16, 17, 18
Noah Dietrich
Snort 3 on CentOS 7
Yaser Mansour
Snort 2.9.8.x on NetBSD 5.1.x
William Parker
Snort 3.0.0-a4 on OpenSuSe 42.3
Boris Gomez
Snort 2.9.8.x on Fedora 22
William Parker
Snort 2.9.9.x on OpenSuSE Leap 42.2
Boris Gomez
Snort Setup Guides for Windows
WinSnort.com
Snort 2.9.8.x on OpenSuSE 12x
William Parker
Snort 2.9.8.x on OpenSuSE 13x
William Parker
Snort 2.9.8.x on CentOS 6.x and 7.x
William Parker
Snort 2.9.8.x on Fedora 17/18/19
William Parker
Snort 2.9.8.x on OpenBSD 5.x
William Parker
Snort 2.9.0.x with PF_RING inline deployment
Metaflows Google Group
Snort 2.9.9.x on Ubuntu 14 -16
Noah Dietrich
Snort 3 on FreeBSD 11
Yaser Mansour
Snort Deployment Guides
Changing from IDS to IPS with NFQueue
James Lay
Snort IPS Tutorial
Vladimir Koychev
RSyslog rate limiting configuration
William Parker
How to make some Home Routers mirror traffic to Snort
William Parker
Snort IPS using DAQ AFPacket
Yaser Mansour
Integrating Snort and AlienVault OSSIM
William Parker
Integrating Snort-2.9.8.x with AlienVault OSSIM
William Parker
Snort Related Whitepapers
Target Based Fragmentation Reassembly
Judy Novak
Target Based Stream Reassembly
Judy Novak
Optimization of Pattern Matches for IDS
Marc Norton
VRT Methodology Whitepaper
Vulnerability Research Team (VRT)
Inline Normalization using Snort 2.9.0
Russ Combs
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules
Steve Sturges
HTTP Evasions Revisited
Daniel Roelker
Webcast Slides
Pimp My Snort
Leon Ward
Performance Tuning: Rules & Preprocessors
Writing Effective Rules, Part I
Matt Olney
Open Source Community Webinar
Joel Esler
OpenAppId Detection Webinar
Costas Kleopa
Introduction to Snort: Part 1
Nick Moore
Snort Tuning 101
Nick Moore
OpenAppId Community Webinar
Costas Kleopa
Using Multiconfig
John Gay
Using the Host Attribute Table in Snort
Intro to Snort
Ed Mendez
Effective Problem Reporting: How to Get Your Problems Noticed and Fixed
Writing Effective Rules, Part II
Matt Olney
CONF files
snort.2983.conf
Talos
classification.config
Talos
snort.2091100.conf
Talos
reference.config
Talos
snort.2091000.conf
Talos
snort.2091101.conf
Talos
snort.2990.conf
Talos
snort.2976.conf
Talos
Latest rule documents - Search
1-281
Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
1-279
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.
1-278
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
1-277
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
1-276
Progressive Networks Real Video server (pnserver) can be crashed remotely.
1-271
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.