Date: Fri, 05 Jan 2001 16:52:16 -0500
From: Martin Roesch <roesch@md.prestige.net>
To: lwn@lwn.net
Subject: Snort 1.7 released
I've been a long time reader of LWN and have always wanted to send you guys
a story about Snort, but I've been waiting until the feature set was more
complete. With this release we're pretty much competitive with any commercial
system on the market, so I thought it'd be something that LWN would be
interested in reporting on (since displacing expensive proprietary systems is
one of the things this movement is all about). Anyway, here's the data on the
system:
Snort is an Open Source (GPL) Network Intrusion Detection System that's been
freely available for just over two years. Today marks the release of version
1.7 of Snort. FYI, here's the informational blurb on Snort:
Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more. Snort uses a flexible rules language to describe traffic
that it should collect or pass, as well as a detection engine that utilizes
a modular plugin architecture. Snort also has a modular real-time
alerting capability, incorporating alerting and logging plugins for
syslog, ASCII text files, UNIX sockets, WinPopup messages to Windows
clients using Samba's smbclient, database (Mysql/PostgreSQL/Oracle/ODBC) or
XML.
Version 1.7 incorporates a number of improvements and enhancements including:
* IP defragmentation
* TCP stream reassembly
* Statistical anomaly detection
* IIS/UNICODE attack detection
* XML output
* Oracle database support
* Dynamic rules
* IP address lists
* Four new detection plugins
* Three new command line switches
* Reams of documentation
Thanks for your time, I hope you guys will find this newsworthy!
-Marty
--
Martin Roesch
roesch@md.prestige.net
http://www.snort.org