Tuesday, April 22, 2003
Very major update to this great IDS:
Snort 2.0 has been released and is available at snort.org.
Snort 2.0 is the result of many months of effort on the part of dozens of people and has a slew of new features:
Enhanced high-performance detection engine
Stateful Pattern Matching
New detection keywords: byte_test & byte_jump
The Snort code base has undergone an external third party professional security audit funded by
Sourcefire (http://www.sourcefire.com)
Many new and updated rules
snort.conf has been updated
Enhancements to self preservation mechanisms in stream4 and frag2
State tracking fixes in stream4
New HTTP flow analyzer
Enhanced protocol decoding (TCP options, 802.1q, etc)
Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
Enhanced flexresp mode for real-time TCP session sniping
Better chroot()'ing
Tagging system updated
Several million bugs addressed....
Updated FAQ (thanks to Erek Adams and Dragos Ruiu)
posted by David |
4/22/2003 04:47:00 PM
|
|
|
|
|
0 Comments:
Post a Comment
<< Home