Probably one of the best freeware applications to monitor the network for intrusions would be Snort. Intrusion detection systems can be one of several types. Snort is a good example of a pattern matching IDS. Pattern matching IDS systems rely on a database of known attacks. Attacks signatures are loaded into the system. As soon as the signatures are loaded into the IDS it can begin to guard the network. Curious what a signature looks like, here is one below.
Alert tcp any any -> any 80 (content: "hacker"; msg: "Hacker Site Accessed";)
The signatures are usually given a number or name so that the administrator can easily identify an attack when it sets of an alert. Alerts can be triggered for fragmented IP packets, streams of SYN packets (DoS), or even malformed ICMP packets. What makes Snort an awesome tool is that it can run on Linux or Windows and there's a great base of tools and users out there to help you realize it full potential. Is there a down side to all this good news I am offering? Yes, there is a learning curve involved. If you want to learn more start by checking out Snort.org.
Dig Deeper on Open source networking
Related Q&A from Michael Gregg
Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ... Continue Reading
Security expert Michael Gregg discusses the disadvantages to a layered approach to enterprise security. Continue Reading
Security expert Michael Gregg fields a question about unknown network cards gaining access to a user's network. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.