Categories Desktop Apps For You

Snort

Name: Snort
Rating: 0 (5 reviews)

2.9.15

11 October 2019

Network intrusion detection system.

Overview

Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.

What's new in Snort

Version 2.9.15:

src/snort.c,
src/control/sfcontrol.c,
src/preprocessors/Session/stream5_ha.c,
src/preprocessors/session_api.h,
src/dynamic-plugins/sp_dynamic.c: Fixed a potential race condition.
src/detect.c: Fixed static analysis issues.
src/detect.c,
src/detect.h,
src/file-process/file_service.c,
src/reload.c,
src/sfdaq.h,
src/snort.c,
src/snort.h: Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
src/dynamic-preprocessors/appid/fw_appid.c: Added NULL check before dereferencing tcp_header.
src/file-process/libs/file_lib.h, src/sfdaq.h: Fix to make daq_pktHdr globally visible and removed the extra Packet variable from the FILE_PKT_DEBUG macro.
snort/etc/file_magic.conf: Added support to detect new Korean file formats .egg and .alz to the file preprocessor.
src/dynamic-preprocessors/gtp/gtp_parser.c,
src/dynamic-preprocessors/gtp/spp_gtp.h: Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
src/detect.c: Added a check before printing the Packet latency trace when detection is enabled or not.
src/file-process/file_capture.c,
src/file-process/file_mime_process.c,
src/file-process/file_resume_block.c,
src/file-process/file_segment_process.c,
src/file-process/file_service.c,
src/file-process/libs/file_lib.c,
src/file-process/libs/file_lib.h,
src/sfdaq.h: Added debug messages in file-process packet flow.
src/dynamic-plugins/sp_dynamic.c,
src/reload.c,
src/reload.h,
src/snort.c: Fixed dynamic rules from getting disabled after multiple reloads.
src/pkt_tracer.c: Fix to print packet trace information in the direction of the packet on the wire.
etc/file_magic.conf: Added new file magic to detect RAR file-type.
src/dynamic-plugins/sf_dynamic_preprocessor.h: Updated preproc version.
src/dynamic-plugins/sf_dynamic_preprocessor.h: Provided an API to query non-flow related information from DAQ.
src/dynamic-plugins/sf_dynamic_plugins.c,
src/dynamic-plugins/sf_dynamic_preprocessor.h,
src/sfdaq.c,
src/sfdaq.h: Added a generic api DAQ_Ioctl for dynamic preprocs to use for various daq clis.
src/dynamic-preprocessors/appid/Makefile_defs,
src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.h,
src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
src/dynamic-preprocessors/appid/service_plugins/service_nntp.c: Fix to whitelist ftp data sessions when no file policy exists.
src/dynamic-preprocessors/appid/fw_appid.c: Fixed -Wparentheses warning.
src/dynamic-preprocessors/appid/fw_appid.c: Fixed the algorithm that triggers port only detection.
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/include/hi_paf.h,
src/preprocessors/HttpInspect/utils/hi_paf.c: Fixed an issue where HTTP was wrongly processing non HTTP traffic on port 443.
src/dynamic-preprocessors/appid/appIdConfig.h,
src/dynamic-preprocessors/appid/fw_appid.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.h: Fixed IPS alerts generation for ICMP packets.
src/file-process/file_resume_block.c: Fixed signature lookup when the context is not present.
src/preprocessors/HttpInspect/utils/hi_paf.c: Added a new state to handle HTTP responses, having no status message followed by status code.
src/dynamic-plugins/sf_dynamic_plugins.c,
src/dynamic-plugins/sf_dynamic_preprocessor.h,
src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h: Added DPD callbacks for receiving ftp transfer mode before generating file events.
snort/etc/file_magic.conf: Fixed RTF file magic to a more generic value to prevent evasions.
src/preprocessors/spp_httpinspect.c: Added debug logs during HTTP Reload.
src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c: Fix to bypass munmap if shmemSegptr points to zeroSegptr.
src/parser.c: Added rule SID check during Snort validation.
src/pkt_tracer.c: Corrected endianness representation for some of the parameters in the debug log.

6 Snort Reviews

I experience some problems while trying to compile. The ./configure script stops and it displays : ---------- [localhost:dpelanch/Desktop/snort-1.8.1-RELEASE] root# ./configure loading cache ./config.cache checking for a BSD compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking whether make sets ${MAKE}... yes checking for working aclocal... missing checking for working autoconf... found checking for working automake... missing checking for working autoheader... found checking for working makeinfo... missing checking for gcc... no checking for cc... cc checking whether the C compiler (cc ) works... no configure: error: installation or configuration problem: C compiler cannot create executables. -------- Help me or send me a binary. Thank's

Like

Version 1.8.1