Snort 2.9.7.6 发布,此版本更新内容如下:
新特性
* Added support for detecting 'SSH tunneling over HTTP'.
改进
* Behavioral change in file processing to block malware files in inline-test mode also.
* Improvements to XFF handling in case of pipelined HTTP requests.
* Stability improvements for Stream6 preprocessor.
* Resolved an issue where min_ttl decoder was dropping packets in alert mode also.
* Added improved support to inspect unlimited packets in HTTP.
* Resolved an issue where reputation config incorrectly displayed 'blacklist' in
priority field even though 'whitelist' option was configured.
Snort是美国Sourcefire公司开发的发布在GPL v2下的IDS(Intrusion Detection System)软件
Snort有 三种工作模式:嗅探器、数据包记录器、网络入侵检测系统模式。嗅探器模式仅仅是从网络上读取数据包并作为连续不断的流显示在终端上。数据包记录器模式把数据包记录到硬盘上。网路入侵检测模式分析网络数据流以匹配用户定义的一些规则,并根据检测结果采取一定的动作。网络入侵检测系统模式是最复杂的,而且是可配置的。
Snort可以用来监测各种数据包如端口扫描等之外,还提供了以XML形式或数据库形式记录日志的各种插件。
软件详情:https://s3.amazonaws.com/snort-org-site/production/release_files/files/000/002/540/original/changelog_2.9.7.6.txt?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1443655750&Signature=I6yhQ%2F6NjlOoh%2FmKGAHY3fTGu6E%3D
下载地址:https://www.snort.org/downloads/snort/snort-2.9.7.6.tar.gz
来自:开源中国社区
