Snort 2.9.8.2 发布了,改进日志如下:
[*] New additions
* Future-flow and DNS API exposed to lua detector.
* Double VLAN tagging support.
[*] Improvements
* Performance improvements to AppID.
* Stability improvements to file and ftp_telnet preprocessor.
* Fixed several issues with SDF and obfuscation.
* Resolved an issue of improper handling of malformed DNS host
in AppID.
* HTTP PAF accepts all tokens between method and version strings
in a request URI.
* Resolved snort build issue with "--disable-perfprofiling" configure
option.
* Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP ver 1.0.
* End of Header(EOH) identification for HTTP response header spanning multiple
packets.
* Improved packet reassembly for HTTP.
* Fixed Flash LZMA decompression issue.
下载地址:https://www.snort.org/downloads
Snort是美国Sourcefire公司开发的发布在GPL v2下的IDS(Intrusion Detection System)软件
Snort有 三种工作模式:嗅探器、数据包记录器、网络入侵检测系统模式。嗅探器模式仅仅是从网络上读取数据包并作为连续不断的流显示在终端上。数据包记录器模式把数 据包记录到硬盘上。网路入侵检测模式分析网络数据流以匹配用户定义的一些规则,并根据检测结果采取一定的动作。网络入侵检测系统模式是最复杂的,而且是可 配置的。
Snort可以用来监测各种数据包如端口扫描等之外,还提供了以XML形式或数据库形式记录日志的各种插件。
来自:开源中国社区
