Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Snort Setup Guides
Snort Setup Guides for Windows
WinSnort.com
Snort 2.9.16.1 on CentOS8
Milad Rezaei
Snort 2.9.0.x with PF_RING inline deployment
Metaflows Google Group
Snort 2.9.9.x on OpenSuSE Leap 42.2
Boris Gomez
Snort Deployment Guides
Snort IPS Tutorial
Vladimir Koychev
Changing from IDS to IPS with NFQueue
James Lay
How to make some Home Routers mirror traffic to Snort
William Parker
RSyslog rate limiting configuration
William Parker
Snort IPS using DAQ AFPacket
Yaser Mansour
Snort Related Whitepapers
Target Based Stream Reassembly
Judy Novak
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules
Steve Sturges
HTTP Evasions Revisited
Daniel Roelker
VRT Methodology Whitepaper
Vulnerability Research Team (VRT)
Inline Normalization using Snort 2.9.0
Russ Combs
Optimization of Pattern Matches for IDS
Marc Norton
Target Based Fragmentation Reassembly
Judy Novak
Webcast Slides
Writing Effective Rules, Part I
Matt Olney
Performance Tuning: Rules & Preprocessors
Pimp My Snort
Leon Ward
Writing Effective Rules, Part II
Matt Olney
Effective Problem Reporting: How to Get Your Problems Noticed and Fixed
Intro to Snort
Ed Mendez
Using the Host Attribute Table in Snort
OpenAppId Community Webinar
Costas Kleopa
Snort Tuning 101
Nick Moore
Using Multiconfig
John Gay
Open Source Community Webinar
Joel Esler
Introduction to Snort: Part 1
Nick Moore
OpenAppId Detection Webinar
Costas Kleopa
Snort 3 Setup Guides
Rules Writers Guide to Snort 3 Rules
Yaser Mansour
Snort 3.1.0.0 on CentOS Stream
Yaser Mansour
Snort 3 Multiple Packet Threads Processing
Yaser Mansour
Snort 3.1.0.0 on OracleLinux 8
Yaser Mansour
Snort 3 on FreeBSD 11
Yaser Mansour
Snort 3.0.0-a4 on OpenSuSe 42.3
Boris Gomez
Snort 3.1.0.0 on Ubuntu 18 & 20
Noah Dietrich
Latest rule documents - Search
1-57536
This rule looks for a crafted HTTP request that can exploit a buffer overflow in the Novell eDirectory iMonitor webapp.
1-57534
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
1-57533
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
1-57532
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. Impact: CVSS base score 7.8 CVSS impact score 6.9 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:
1-52078
This event is generated when an attacker attempts to exploit a denial of service in ISC BIND. Impact: Attempted User Privilege Gain Details: This rule checks for attempts to exploit a denial of service in ISC BIND via crafted DNS responses with DNAME resource records. Ease of Attack:
1-51930
This rule attempts to identify payloads with deeply nested XML documents.