Snort是一个著名的、开放源代码的网络入侵检测与防御系统，它是同类技术产品中全球部署最广泛的。它使用了多种检测方法，包括：基于规则的检测，基于 异常的检测，启发式的网络流量检测。它的规则语言是开源的并且规则对公众开放。

目前，Snort发布了2.9.1.1版，新版主要改变如下:

* Added the ability to use shared memory (linux only) for the experimental IP reputation preprocessor. See README.reputation for details.
* Added a Unix control socket (linux only), used to issue commands to running Snort processes. Currently, it is only used by the IP Reputation preprocessor for communication regarding the shared memory. See the Snort Manual and the tools/control directory for more details.
* Improved HTTP Inspect and rule processing for both raw compress and zlib deflated data. Expanded coverage of normalization for Unicode encoded data.
* Updated HTTP Inspect PAF support to better handle HTTP 1.1 responses

-