LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Snort 1.6.2 Released Print E-mail
User Rating:      How can I rate this item?
Source: snort.org - Posted by Dave Wreski   
Intrusion Detection Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks . . . Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

You might also be interested in Network Intrusion Detection Using Snort as well as the snort RPM.

Version 1.6.2 is ready. This release is mostly a bug fix with several appreciable additons including IP defragmentaion, ODBC support, and new switches for runtime security.

Updates and changes with this release:

  • New preprocessor plugin: IP defragmentation!!
  • New output plugins cover all old logging and alerting options
  • New output plugin no logs to MySQL, PostgreSQL, unixODBC databases
  • Updated portscan detection functionality
  • Added quote removal for most plugin parsers
  • -C crash bug fixed
  • PID/PATH_VARRUN file fixes
  • Converted many putc(3) calls to fputc(3) for portability
  • Transport layer decoders use ip_len field for length metric now
  • String tokenizer code modified for more reliable operation
  • Fixed flexible response code sequence prediction
  • Fixed DEBUG ifdef's so DEBUG mode code will compile correctly on all platforms
  • Set automake options so that people don't need gmake anymore to build Snort on BSD systems
  • Fixed SMB alert code large tmp file hole
  • Added sigsetmask code to fix SIGHUP weirdness
  • Added execvp option for SIGHUP restart code
  • Added ARP header printout validation
  • Added Session logging file integrity checking
  • Added -u/-g setuid/gid capability switches
  • Added -O IP address obfuscation switch
  • Added -t chroot switch
  • Fixed non-TCP/UDP/ICMP transport layer decoding & logging
  • Fixes and additions to the portscan preprocessor
  • Fixed Tru64 u_int* type declarations
  • Added check for pcap.h into configuration script
  • Fixed timeval problems on Linux boxen
  • Database logging plugin has been modified extensively, see the www.incident.org website for more information
  • Switched TCP flags printout routine to ensure proper RFP output scan output. ;)
  • Fixed default log/alert function code so that these functions are never NULL

Read this full article at snort.org

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.