Выход Snort, популярной свободной системы обнаружения атак (IDS), версии 2.4.5 завершает развитие ветки 2.4.x. И одновременно с ней выпущена первая версия новой ветки проекта — Snort 2.6.0.
В Snort 2.6 проведена работа по увеличению производительности, появилась реализация системы динамических правил и динамических предпроцессоров.
В обеих версиях усовершенствована обработка RPC-вызовов, улучшена работа систем определения факта сканирования портов и контроля HTTP-соединений.

---

Home_http://www.snort.org/
Downloads (~3,17 Mb)_http://www.snort.org/...t-2.6.0.tar.gz
2.4.5 (~2,69 Mb)_http://www.snort.org/...t-2.4.5.tar.gz

New Additions
* New Feature for HTTP Inspect to split requests into 5 components -
Method, URI, Header (non-cookie), Cookies, Body. Added HTTP server
specific configurations to normalize HTTP header and/or cookie buffers.
Provided content and PCRE modifiers to allow searches within one or
more of those individual buffers. Added content modifier to allow rule
writer to specify content to be used for fast pattern matcher.
Updated dynamic rule API to allow searches within the new buffers.

* Support for MPLS decoding.

* New option to rule and preprocessor profiling configuration for
logging to file instead of syslog.

Improvements
* Update to fix compilation issue on HPUX machines related to rule and
preprocessor performance profiling.

* Update to correct the wording of IP datagram length being greater than
the captured length decoder alert.

* Update to correct logging issue when using 'ruletype' keyword.

---

Downloads (~4,2 Mb)_http://www.snort.org/dl/snort-2.8.3.tar.gz

---

Downloads (~4,2 Mb)_http://www.snort.org/...2.8.3.1.tar.gz

Snort 2.8.4 introduces:
- A revised DCE/RPC preprocessor with more rule options
With the new DCE/RPC preprocessor, there will be a number of updates to the rules. Please be sure to update your rules to the latest when that package is available (next few days).
- Support for IPv6 in Frag3 and all application preprocessors
- Improved target-based support in preprocessors
- Option to automatically pre-filter traffic that is not inspected in order to improve performance
- Several other improvements and fixes

---

Downloads (~4,4 Mb)_http://www.snort.org/dl/snort-2.8.4.tar.gz

Snort 2.8.4.1 addresses several issues:

• Adds new DCE/RPC preprocessor to the RPM files
• Fixes an issue with the database output plugin that caused Snort to not insert records into the sensor table
• Fixes issues with parsing of IP variables with IPv6 support
• Fixes handling of a simultaneous ACK and RST, when Stream5 option require_3whs was enabled and the session had timed out

---

Downloads (~4,4 Mb)_http://www.snort.org/...2.8.4.1.tar.gz

• Ability to specify multiple configurations (snort.conf and everything it includes), bound either by Vlan ID or IP Address. This allows you to run one instance of Snort with multiple snort.conf files, rather than having separate processes. See README.multipleconfigs for details.
• Continued inspection of traffic while reloading a configuration.
• Add --enable-reload option to your configure script prior to building. See README.reload for details.
• Rate Based Attack Prevention for Connection Attempts, Concurrent Connections, and improved rule/event filtering. See README.filters for details.
• SSH preprocessor is no longer experimental
• Multiple performance improvements

---

Downloads (~4,5 Mb)_http://dl.snort.org/s...t-2.8.5.tar.gz

• Fixed syslog output when running on Windows.
• Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to
• Laurent Gaffie for reporting this issue.
• Fixed segfault when additional policies were added during a configuration reload.

---

Downloads (~4,5 Mb)_http://dl.snort.org/s...2.8.5.1.tar.gz

Snort 2.8.5.2 addresses some issues identified in Snort:

• Improvements to HTTP Inspect for handling of pipelined requests and chunked encodings.
• Updated the documentation for output plugins and log limits.
• Fixed building on AIX 6.
• Fixed reloading of auto-iface variables when privileges had been dropped.
• Fixed issues at startup and perfstats rotation with old versions of libc (2.2, 2.3) & linux threads.

---

Downloads (~4,6 Mb)_http://dl.snort.org/s...2.8.5.2.tar.gz

Improvements
* General code improvements and clean up in the rpc
preprocessor related to the processing of Sun rpc data.

* Fixed an issue where, under particular conditions, a reload
of the Snort configuration file without a restart would
cause Snort to stop responding.

---

Downloads (~4,6 Mb)_http://dl.snort.org/s...2.8.5.3.tar.gz

New Additions
* HTTP Inspect now splits requests into 5 components -
Method, URI, Header (non-cookie), Cookies, Body.
Content and PCRE rule options can now search one or more of these buffers.

HTTP server-specific configurations to normalize the HTTP header and/or
cookies have been added.

Support gzip decompression across multiple packets.

* Added a Sensitive Data preprocessor, which performs detection of
Personally Identifiable Information (PII). A new rule option is available
to define new PII. See README.sensitive_data and the Snort Manual
for configuration details.

* Added a new pattern matcher and related configurations. The new pattern
matcher is optimized to use less memory and perform at AC speed.

Improvements
* Addressed problem to resolve output obfuscation affecting packets
when Snort is inline.

* Preprocessors with memcap settings can now be configured in a "disabled"
state. This allows you to configure that memcap globally, but only enable
the preprocessor in targeted configurations.

---

Downloads (~4,7 Mb)_http://dl.snort.org/s...t-2.8.6.tar.gz

---

Downloads (~4,7 Mb)_http://www.snort.org/downloads/116