SnortÊÇÃÀ¹úSourcefire¹«Ë¾¿ª·¢µÄ·¢²¼ÔÚGPL v2ϵÄIDS£¨Intrusion Detection System£©Èí¼þ
SnortÓÐ ÈýÖÖ¹¤×÷ģʽ£ºÐá̽Æ÷¡¢Êý¾Ý°ü¼Ç¼Æ÷¡¢ÍøÂçÈëÇÖ¼ì²âϵͳģʽ¡£Ðá̽Æ÷ģʽ½ö½öÊÇ´ÓÍøÂçÉ϶ÁÈ¡Êý¾Ý°ü²¢×÷ΪÁ¬Ðø²»¶ÏµÄÁ÷ÏÔʾÔÚÖÕ¶ËÉÏ¡£Êý¾Ý°ü¼Ç¼Æ÷ģʽ°ÑÊý ¾Ý°ü¼Ç¼µ½Ó²ÅÌÉÏ¡£Íø·ÈëÇÖ¼ì²âģʽ·ÖÎöÍøÂçÊý¾ÝÁ÷ÒÔÆ¥ÅäÓû§¶¨ÒåµÄһЩ¹æÔò£¬²¢¸ù¾Ý¼ì²â½á¹û²ÉÈ¡Ò»¶¨µÄ¶¯×÷¡£ÍøÂçÈëÇÖ¼ì²âϵͳģʽÊÇ×Ôӵģ¬¶øÇÒÊÇ¿É ÅäÖõġ£
Snort¿ÉÒÔÓÃÀ´¼à²â¸÷ÖÖÊý¾Ý°üÈç¶Ë¿ÚɨÃèµÈÖ®Í⣬»¹ÌṩÁËÒÔXMLÐÎʽ»òÊý¾Ý¿âÐÎʽ¼Ç¼ÈÕÖ¾µÄ¸÷ÖÖ²å¼þ¡£
Snort 2.9.5.5 ¸Ä½øÄÚÈÝ°üÀ¨£º
Fixed an issue with the SMTP preprocessor and the ignore_tls_data configuration correctly stopping inspection after an SMTP session is encrypted.
All rule evaluation (as opposed to just rules with fast patterns) is now disabled for packets on a previously blocked session.
The perfmon preprocessor now writes stats as soon as both the time and packet count criteria are met.
The same restrictions are enforced on relative PCRE for HTTP buffers from shared library rules as already existed with text rules
¹Ù·½Ê×Ò³£ºhttp://www.snort.org/
À´×Ô:¿ªÔ´ÖйúÉçÇø
