Intrusion detection is a vital part of any firewall. It's
all very well to block traffic, but how do you know what is being blocked and
what is going through on your open service ports (SMTP, IMAP, DNS, etc.)? Snort is
the most popular intrusion detection system around. It's offered as an open source project, with
a subscription available offering enhanced rules libraries. Snort is highly configurable, with various
plug-ins for download. Quite a few
commercial firewalls run Snort under a custom web interface (look
here)! The documentation is good and
I have compiled this on both OpenBSD and SuSE Enterprise 9 without problems. Is anyone else using Snort? How are you
finding it?