Date: Fri, 05 Jan 2001 16:52:16 -0500
From: Martin Roesch <roesch@md.prestige.net>
To: lwn@lwn.net
Subject: Snort 1.7 released

I've been a long-time reader of LWN and have always wanted to send you guys a story about Snort, but I've been waiting until the feature set was more complete. With this release we're pretty much competitive with any commercial system on the market, so I thought it'd be something that LWN would be interested in reporting on (since displacing expensive proprietary systems is one of the things this movement is all about).

Anyway, here's the data on the system:

Snort is an Open Source (GPL) Network Intrusion Detection System that's been freely available for just over two years. Today marks the release of version 1.7 of Snort.

FYI, here's the informational blurb on Snort:

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort also has a modular real-time alerting capability, incorporating alerting and logging plugins for syslog, ASCII text files, UNIX sockets, WinPopup messages to Windows clients using Samba's smbclient, database (MySQL/PostgreSQL/Oracle/ODBC) or XML.

Version 1.7 incorporates a number of improvements and enhancements including:

* IP defragmentation
* TCP stream reassembly
* Statistical anomaly detection
* IIS/UNICODE attack detection
* XML output
* Oracle database support
* Dynamic rules
* IP address lists
* Four new detection plugins
* Three new command line switches
* Reams of documentation

Thanks for your time, I hope you guys will find this newsworthy!

-Marty

--
Martin Roesch
roesch@md.prestige.net
http://www.snort.org