Snort 1.7 Released
Source: snort.org - Posted by Dave Wreski   
Snort 1.7 has finally been released! Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort also has a modular real-time alerting capability, incorporating alerting and logging plugins for syslog, ASCII text files, UNIX sockets, WinPopup messages to Windows clients using Samba's smbclient, databases (MySQL/PostgreSQL/Oracle/ODBC) or XML.

Here is a brief list of some of the major new additions to the program:

  • Dynamic rules (rules that can turn on other rules) added
  • Statistical Anomaly Detection preprocessor added
  • TCP stream reassembly preprocessor added
  • XML output plugin added
  • Database plugin enhanced, supports Oracle DB now
  • IP defragmentation preprocessor is 100% functional now on all platforms
  • HTTP decode preprocessor can now detect IIS/UNICODE attacks
  • Four new detection plugins (react, reference, fragbits, tos)
  • Three new command line switches (-L, -I, -X)
  • Improved packet printout code
  • Rules language now supports IP address lists
  • Arbitrary/user configurable action types now available
  • Snort now dumps packet statistics to console/syslog when prompted with a SIGUSR1
  • Updated documentation
  • Much more!

Resources:

Network Intrusion Detection Using Snort

Snort 1.7 RPM

Snort 1.7 SRPM

Read this full article at snort.org
