Probably one of the best freeware applications for monitoring a network for intrusions is Snort. Intrusion detection systems come in several types; Snort is a good example of a pattern-matching IDS. Pattern-matching IDS systems rely on a database of known attacks: attack signatures are loaded into the system, and as soon as they are loaded the IDS can begin guarding the network. If you are curious what a signature looks like, here is one:
alert tcp any any -> any 80 (content:"hacker"; msg:"Hacker Site Accessed"; sid:1000001; rev:1;)
Signatures are usually given a number (the sid above) or a name so that the administrator can easily identify an attack when it sets off an alert. Alerts can be triggered by fragmented IP packets, streams of SYN packets (DoS), or even malformed ICMP packets. What makes Snort an awesome tool is that it runs on Linux or Windows, and there is a large base of tools and users out there to help you realize its full potential. Is there a downside to all this good news? Yes: there is a learning curve involved. If you want to learn more, start by checking out Snort.org.
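To show how a pattern-matching IDS applies a rule like the one above, here is a small added example in Python (not Snort's own code and not part of the original article): a toy matcher that parses the rule into its header and options and checks it against a few constructed packets. It handles only "any" and literal IP/port values; the sid and rev options and the sample packets are assumptions.

```python
import re
from collections import namedtuple
Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port payload")
# Rule header: action proto src_ip src_port -> dst_ip dst_port (options)
HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$")

def parse_rule(text):
    """Split a one-line Snort-style rule into header fields and an options dict."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError(f"cannot parse rule: {text!r}")
    action, proto, sip, sport, dip, dport, body = m.groups()
    opts = {}
    for opt in body.split(";"):
        key, _, val = opt.strip().partition(":")
        if key:
            opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto.lower(),
            "src": (sip, sport), "dst": (dip, dport), "opts": opts}

def _endpoint_matches(spec, ip, port):
    # Toy matcher: handles 'any' and literal values only (no CIDR, lists, negation, $VARS).
    spec_ip, spec_port = spec
    return (spec_ip == "any" or spec_ip == ip) and (spec_port == "any" or int(spec_port) == port)

def match_rule(rule, pkt):
    """Return the rule's msg if header and content both match, else None."""
    if (rule["proto"] != pkt.proto.lower()
            or not _endpoint_matches(rule["src"], pkt.src_ip, pkt.src_port)
            or not _endpoint_matches(rule["dst"], pkt.dst_ip, pkt.dst_port)):
        return None
    content = rule["opts"].get("content")
    # 'content' is a case-sensitive byte search, as in Snort without the nocase modifier
    if content is not None and content.encode() not in pkt.payload:
        return None
    return rule["opts"].get("msg", "(no msg)")

def run_ids(rule_texts, packets):
    """Check every packet against every loaded rule; return (sid, msg, src_ip) alerts."""
    rules = [parse_rule(r) for r in rule_texts]
    return [(rule["opts"].get("sid"), msg, pkt.src_ip)
            for pkt in packets for rule in rules if (msg := match_rule(rule, pkt))]

# The article's rule (with an assumed local sid) and constructed sample traffic, not real captures
RULES = ['alert tcp any any -> any 80 (content:"hacker"; msg:"Hacker Site Accessed"; sid:1000001; rev:1;)']
PACKETS = [
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.7", 80, b"GET /hacker/tools HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.5", 51001, "203.0.113.7", 443, b"GET /hacker HTTP/1.1\r\n"),  # port 443: no alert
    Packet("tcp", "10.0.0.9", 51002, "203.0.113.8", 80, b"GET /index.html HTTP/1.1\r\n"),  # no 'hacker': no alert
]
```

Running `run_ids(RULES, PACKETS)` yields a single alert for the first packet; the other two miss on the destination port and on the content string respectively.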
This was first published in March 2006