December 15, 2011

[installer 3045] snort-2.9.2

snort-2.9.2 is out.

☆ snort-2.9.2
http://www.snort.org/
http://www.snort.org/snort-downloads

2011-12-14 - Snort 2.9.2
[*] New Additions

* SCADA (DNP3 and Modbus) preprocessors. Added two new preprocessors
to support writing rules for detecting attacks for control systems.
New rule keywords are supported, and DNP3 leverages Stream5 PAF
support for TCP reassembly. See the Snort Manual, README.dnp3 and
README.modbus for details of the configurations and new rule
options.

* GTP decoding and preprocessor. Updated the Snort packet decoders
and added a preprocessor to support detecting attacks over GTP (GPRS
Tunneling Protocol). Snort's GTP support handles multiple versions
of GTP and has a rich configuration set. See the Snort Manual and
README.GTP for details.

* Updates to the HTTP preprocessor to normalize HTTP responses that
include JavaScript-escaped data in the HTTP response body. This
expands Snort's coverage in detecting HTTP client-side attacks.
See the Snort Manual and README.http_inspect for configuration
details.

* Added Protocol-Aware Flushing (PAF) support for FTP.

[*] Improvements
* Updates to Stream preprocessor to be able to track and store
"stream" data for non TCP/UDP flows. Also improvements to handle
when memory associated with a blocked stream is released and usable
for other connections.

* Updates to dce_stub_data to make it act the same as file_data
and pkt_data rule option keywords in how it interacts with
subsequent content/pcre/etc rule options.

* Updates to how Snort handles and processes signals received
from the OS.

* Enabled logging of normalized JavaScript to unified2 without the
use of the --enable-sourcefire configuration option.

* Improved handling of gaps and overlaps for "first" and "vista"
policies in Stream5.

* Added support for signal handler customization. At compile-time,
Snort can be customized to use different signal numbers.
This allows problems with overlapping signals to be fixed on a
per-platform basis, which is especially helpful for the BSDs.
See the Snort Manual for more details.

* Perfmonitor's output files ("now" files) are now created after
Snort drops privileges. Output files will now be owned by the
user and group specified with "-u" and "-g" at the command line.

----
こがよういちろう


Posted by xml-rpc: December 15, 2011 15:30