Samsara
26.01.05, 15:12
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
The Snort Team is pleased to announce the availability of Snort v2.3.0 Final! There are only a few minor changes from RC2 to final. The following are the release notes for Final:
* Fixed issue with sfPortscan reporting incorrect IP datagram length. Thanks Jon Hart for the test case and finding the bug, and Marc Norton for resolving the issue.
* Threshold/Suppression now prints properly when logging to syslog. Thanks Sekure for pointing out the problem. Thanks Steve Sturges for working on the fix.
* Threshold memcap argument now correctly handles non-integer input. Thanks nnposter for the patch.
* Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were not decoded properly. Thanks Dan Roelker for the fix.
* Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your work on putting it all together.
Quelle: http://www.snort.org/
Changelog: http://www.snort.org/external/?url=http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.337.2.14
Release notes:
http://www.snort.org/external/?url=http://cvs.snort.org/viewcvs.cgi/snort/RELEASE.NOTES?rev=1.5.2.9
Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system.
The Snort Team is pleased to announce the availability of Snort v2.3.0 Final! There are only a few minor changes from RC2 to final. The following are the release notes for Final:
* Fixed issue with sfPortscan reporting incorrect IP datagram length. Thanks Jon Hart for the test case and finding the bug, and Marc Norton for resolving the issue.
* Threshold/Suppression now prints properly when logging to syslog. Thanks Sekure for pointing out the problem. Thanks Steve Sturges for working on the fix.
* Threshold memcap argument now correctly handles non-integer input. Thanks nnposter for the patch.
* Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were not decoded properly. Thanks Dan Roelker for the fix.
* Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your work on putting it all together.
Quelle: http://www.snort.org/
Changelog: http://www.snort.org/external/?url=http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.337.2.14
Release notes:
http://www.snort.org/external/?url=http://cvs.snort.org/viewcvs.cgi/snort/RELEASE.NOTES?rev=1.5.2.9