Tuesday, July 27, 2010

Snort 2.9.0 Beta Available

Awesome new features are coming with Snort 2.9.0. I'll do lots of tests after Blackhat/Defcon.


A beta version of Snort 2.9.0 is now available on snort.org, at
http://www.snort.org/snort-downloads/

Snort 2.9.0 introduces:

  * Feature rich IPS mode including improvements to Stream for
    inline deployments.  Additionally a common active response API is
    used for all packet responses, including those from Stream,
    Respond, or React.  A new response module, respond3, supports the
    syntax of both resp & resp2, including strafing for passive
    deployments.  When Snort is deployed inline, a new preprocessor
    has been added to handle packet normalization to allow Snort
    to interpret a packet the same way as the receiving host.

  * Use of a Data Acquisition API (DAQ) that supports many different
    packet access methods including libpcap, netfilterq, IPFW, and
    afpacket.  For libpcap, version 1.0 or higher is now required.
    The DAQ library can be updated independently from Snort and is
    a separate module that Snort links.  See README.daq for details
    on using Snort and the new DAQ.

  * Updates to HTTP Inspect to extract and log IP addresses from
    X-Forwarded-For and True-Client-IP header fields when Snort generates
    events on HTTP traffic.

  * A new rule option 'byte_extract' that allows extracted values to
    be used in subsequent rule options for isdataat, byte_test,
    byte_jump, and content distance/within/depth/offset.

  * Updates to SMTP preprocessor to support MIME attachment decoding
    across multiple packets.

  * Ability to "test" drop rules using Inline Test Mode.  Snort will
    indicate a packet would have been dropped in the unified2 or
    console event log if policy mode was set to inline.

  * Two new rule options to support base64 decoding of certain pieces
    of data and inspection of the base64 data via subsequent rule
    options.

  * Updates to the Snort packet decoders for IPv6 for improvements to
    anomaly detection.

  * Added a new pattern matcher that supports Intel's Quick Assist
    Technology for improved performance on supported hardware
    platforms.  Visit http://www.intel.com to find out more about
    Intel Quick Assist.  The following document describes Snort's
    integration with the Quick Assist Technology:
    http://download.intel.com/embedded/applications/networksecurity/324029.pdf

  * Reference applications for reading unified2 output that handle
    all unified2 record formats used by Snort.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.

Happy Snorting!
The Snort Release Team
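The byte_extract option mentioned in the announcement, as an added example (not code from the announcement or from the Snort project): a constructed rule written in the pattern of the Snort 2.9 manual, plus a small Python model of how the extracted variables feed the content offset/depth options. The port 5555, the sid, the two-byte header layout and the token ADMIN are assumptions; the model only covers byte_extract and content offset/depth, not Snort's full matching engine.

```python
"""Model of a Snort 2.9 rule that reuses byte_extract variables downstream.

Constructed rule (not from the announcement):

    alert tcp any any -> any 5555 (
        msg:"constructed: ADMIN token inside declared string field";
        byte_extract:1,0,fld_off;          # byte 0 -> variable fld_off
        byte_extract:1,1,fld_len;          # byte 1 -> variable fld_len
        content:"ADMIN"; offset:fld_off; depth:fld_len;
        sid:1000001; rev:1;)

Assumed payload layout: byte 0 is the offset of a string field, byte 1 is
its length, the rest is the message body.  Snort evaluates rule options
left to right; byte_extract stores an unsigned integer under a name that
later options accept in place of a literal number.
"""


def byte_extract(payload: bytes, nbytes: int, offset: int):
    """Model of byte_extract:<nbytes>,<offset>,<name> (big-endian, the
    default).  Returns None when the bytes are not in the payload, which
    makes the rule fail just as the real option would."""
    if nbytes < 1 or nbytes > 4:
        return None  # Snort 2.9 extracts 1 to 4 bytes in binary mode
    if offset < 0 or offset + nbytes > len(payload):
        return None
    return int.from_bytes(payload[offset:offset + nbytes], "big")


def content_match(payload: bytes, pattern: bytes, offset: int, depth: int) -> bool:
    """Model of content with offset/depth: only payload[offset:offset+depth]
    is searched.  Assumption: depth counts from offset, as in Snort 2.x."""
    return pattern in payload[offset:offset + depth]


def rule_matches(payload: bytes) -> bool:
    """Evaluate the constructed rule's payload options against one packet."""
    fld_off = byte_extract(payload, 1, 0)
    fld_len = byte_extract(payload, 1, 1)
    if fld_off is None or fld_len is None:
        return False  # a failed byte_extract ends evaluation of the rule
    return content_match(payload, b"ADMIN", fld_off, fld_len)


if __name__ == "__main__":
    # Constructed packets: header (offset=4, length=5) followed by the body.
    print(rule_matches(b"\x04\x05\x00\x00ADMINxyz"))     # token inside field
    print(rule_matches(b"\x04\x05\x00\x00helloADMIN"))   # token outside field
```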
