Snort 1.6.2 Released
Source: snort.org - Posted by Dave Wreski   
Intrusion Detection Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks . . . Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

You might also be interested in Network Intrusion Detection Using Snort as well as the snort RPM.

Version 1.6.2 is ready. This release is mostly a bug fix with several appreciable additons including IP defragmentaion, ODBC support, and new switches for runtime security.

Updates and changes with this release:

  • New preprocessor plugin: IP defragmentation!!
  • New output plugins cover all old logging and alerting options
  • New output plugin no logs to MySQL, PostgreSQL, unixODBC databases
  • Updated portscan detection functionality
  • Added quote removal for most plugin parsers
  • -C crash bug fixed
  • PID/PATH_VARRUN file fixes
  • Converted many putc(3) calls to fputc(3) for portability
  • Transport layer decoders use ip_len field for length metric now
  • String tokenizer code modified for more reliable operation
  • Fixed flexible response code sequence prediction
  • Fixed DEBUG ifdef's so DEBUG mode code will compile correctly on all platforms
  • Set automake options so that people don't need gmake anymore to build Snort on BSD systems
  • Fixed SMB alert code large tmp file hole
  • Added sigsetmask code to fix SIGHUP weirdness
  • Added execvp option for SIGHUP restart code
  • Added ARP header printout validation
  • Added Session logging file integrity checking
  • Added -u/-g setuid/gid capability switches
  • Added -O IP address obfuscation switch
  • Added -t chroot switch
  • Fixed non-TCP/UDP/ICMP transport layer decoding & logging
  • Fixes and additions to the portscan preprocessor
  • Fixed Tru64 u_int* type declarations
  • Added check for pcap.h into configuration script
  • Fixed timeval problems on Linux boxen
  • Database logging plugin has been modified extensively, see the www.incident.org website for more information
  • Switched TCP flags printout routine to ensure proper RFP output scan output. ;)
  • Fixed default log/alert function code so that these functions are never NULL

Read this full article at snort.org

Only registered users can write comments.
Please login or register.

Powered by AkoComment!