Abstract
Snort is a lightweight open-source network intrusion detection system that is widely used as an intrusion detection tool in intrusion prevention. Servers today are vulnerable to stealth port scanning attacks that are not captured by logging mechanisms, monitoring systems, or intrusion detection systems. To address this, the paper, based on the Snort intrusion detection system, analyzes the basic characteristics of port scanning and defines custom Snort rules to detect and alert on stealth port scanning attacks, further promoting security filtering at the application layer.
Author
Ding Jia (Shandong Weiping Information Security Evaluation Technology Co., Ltd., Shandong Jinan 250101)
Source
Cyberspace Security (《网络空间安全》)
2020, Issue 10, pp. 68-72 (5 pages)