The Snort network intrusion detection system has been updated with HTTP and DCE/RPC protocol aware flushing and improved SIP, POP and IMAP3 preprocessors. Updates to the HTTP and DCE/RPC preprocessors now allow Snort to reassemble requests and responses, even when spread over many packets, and to intelligently flush the results.
Snort performs realtime analysis on IP network traffic to detect attempts to probe or attack the network by using a user-defined ruleset which characterises those attacks.

The improved SIP preprocessor can identify call channels and detect anomalies in SIP communications. The POP3 and IMAP preprocessors are able to decode email attachments in Base64, Quoted Printable and uuencoded formats and the SMTP preprocessor is now able to handle the latter two formats. An experimental IP Reputation preprocessor allows Snort to blacklist or whitelist packets based on their IP address.

The link for this article located at H Security is no longer available.