Snort
2.9.15
Snort
2.9.15Network intrusion detection system.
Overview
Snort is a lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient.
What's new in Snort
Version 2.9.15:
- src/snort.c,
- src/control/sfcontrol.c,
- src/preprocessors/Session/stream5_ha.c,
- src/preprocessors/session_api.h,
- src/dynamic-plugins/sp_dynamic.c: Fixed a potential race condition.
- src/detect.c: Fixed static analysis issues.
- src/detect.c,
- src/detect.h,
- src/file-process/file_service.c,
- src/reload.c,
- src/sfdaq.h,
- src/snort.c,
- src/snort.h: Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
- src/dynamic-preprocessors/appid/fw_appid.c: Added NULL check before dereferencing tcp_header.
- src/file-process/libs/file_lib.h, src/sfdaq.h: Fix to make daq_pktHdr globally visible and removed the extra Packet variable from the FILE_PKT_DEBUG macro.
- snort/etc/file_magic.conf: Added support to detect new Korean file formats .egg and .alz to the file preprocessor.
- src/dynamic-preprocessors/gtp/gtp_parser.c,
- src/dynamic-preprocessors/gtp/spp_gtp.h: Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
- src/detect.c: Added a check before printing the Packet latency trace when detection is enabled or not.
- src/file-process/file_capture.c,
- src/file-process/file_mime_process.c,
- src/file-process/file_resume_block.c,
- src/file-process/file_segment_process.c,
- src/file-process/file_service.c,
- src/file-process/libs/file_lib.c,
- src/file-process/libs/file_lib.h,
- src/sfdaq.h: Added debug messages in file-process packet flow.
- src/dynamic-plugins/sp_dynamic.c,
- src/reload.c,
- src/reload.h,
- src/snort.c: Fixed dynamic rules from getting disabled after multiple reloads.
- src/pkt_tracer.c: Fix to print packet trace information in the direction of the packet on the wire.
- etc/file_magic.conf: Added new file magic to detect RAR file-type.
- src/dynamic-plugins/sf_dynamic_preprocessor.h: Updated preproc version.
- src/dynamic-plugins/sf_dynamic_preprocessor.h: Provided an API to query non-flow related information from DAQ.
- src/dynamic-plugins/sf_dynamic_plugins.c,
- src/dynamic-plugins/sf_dynamic_preprocessor.h,
- src/sfdaq.c,
- src/sfdaq.h: Added a generic api DAQ_Ioctl for dynamic preprocs to use for various daq clis.
- src/dynamic-preprocessors/appid/Makefile_defs,
- src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
- src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
- src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
- src/dynamic-preprocessors/appid/service_plugins/service_base.h,
- src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
- src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
- src/dynamic-preprocessors/appid/service_plugins/service_nntp.c: Fix to whitelist ftp data sessions when no file policy exists.
- src/dynamic-preprocessors/appid/fw_appid.c: Fixed -Wparentheses warning.
- src/dynamic-preprocessors/appid/fw_appid.c: Fixed the algorithm that triggers port only detection.
- src/preprocessors/HttpInspect/client/hi_client.c,
- src/preprocessors/HttpInspect/include/hi_paf.h,
- src/preprocessors/HttpInspect/utils/hi_paf.c: Fixed an issue where HTTP was wrongly processing non HTTP traffic on port 443.
- src/dynamic-preprocessors/appid/appIdConfig.h,
- src/dynamic-preprocessors/appid/fw_appid.c,
- src/dynamic-preprocessors/appid/service_plugins/service_base.c,
- src/dynamic-preprocessors/appid/service_plugins/service_base.h: Fixed IPS alerts generation for ICMP packets.
- src/file-process/file_resume_block.c: Fixed signature lookup when the context is not present.
- src/preprocessors/HttpInspect/utils/hi_paf.c: Added a new state to handle HTTP responses, having no status message followed by status code.
- src/dynamic-plugins/sf_dynamic_plugins.c,
- src/dynamic-plugins/sf_dynamic_preprocessor.h,
- src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
- src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h: Added DPD callbacks for receiving ftp transfer mode before generating file events.
- snort/etc/file_magic.conf: Fixed RTF file magic to a more generic value to prevent evasions.
- src/preprocessors/spp_httpinspect.c: Added debug logs during HTTP Reload.
- src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c: Fix to bypass munmap if shmemSegptr points to zeroSegptr.
- src/parser.c: Added rule SID check during Snort validation.
- src/pkt_tracer.c: Corrected endianness representation for some of the parameters in the debug log.
Join over 500,000 subscribers.
Subscribe for our newsletter with best Mac offers from MacUpdate.
Free
App requirements:
- Intel 64
- Intel 32
- Mac OS X 10.1.5 or later
Category:
Developer Website:
Install with MacUpdateDownloaded & Installed 10,904 times
6 Snort Reviews
Rate this app:
Most helpful