patrick@gentoo.org Patrick Lauer
netmon@gentoo.org Gentoo network monitoring and analysis project

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.

snort-team@sourcefire.com Snort Team
http://www.snort.org/snort-downloads
http://www.snort.org/docs
http://www.snort.org/snort-downloads/submit-a-bug/

Enables Snort's control socket.
Enables extended file inspection capabilities.
Enables support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
Enables high-availability state sharing.
Enables support to allow traffic to pass (fail-open) through inline deployments while Snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until Snort has fully started and is ready to perform packet inspection.
Enables accurate statistics reporting through /proc on systems with multiple processors.
Enables decoding of non-Ethernet protocols such as TokenRing, FDDI, IPX, etc.
Enables OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
Enables support for setting per-rule or per-packet latency limits. Helps protect against introducing network latency with inline deployments.
Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
Enables the use of shared memory for the Reputation Preprocessor (only available on Linux systems).
Enables Snort's side channel.
Enables Sourcefire-specific build options, which include --enable-perfprofiling and --enable-ppm.
Enables support for completely restarting Snort if an error is detected during a reload.
Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
Enables support for the new flexible response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
Build against net-libs/libtirpc for RPC support.