A SANS.org paper on NIDS says the following: "performs an analysis for a passing traffic on the entire subnet. Works in a promiscuous mode, and matches the traffic that is passed on the subnets to the library of known attacks"<p>Is there any public list of such known attacks? Also, is there any reliable open source software for Linux that can do NIDS?
Snort: https://en.wikipedia.org/wiki/Snort_(software)<p>Bro: https://en.wikipedia.org/wiki/Bro_(software)<p>There are "signatures" just like with anti-virus software.