Snort 2.9.1 Released, Intrusion Detection System

Published on 28 August 2011


Snort has three operating modes: sniffer, packet logger, and network intrusion detection system. Sniffer mode simply reads packets off the network and displays them on the terminal as a continuous stream. Packet logger mode writes the packets to disk. Network intrusion detection mode analyses network traffic against a set of user-defined rules and takes action based on what it detects. The network intrusion detection system mode is the most complex of the three and is configurable.

Snort 2.9.1 has been released. The main changes:
    * Protocol aware reassembly support for HTTP and DCE/RPC preprocessors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
    * SIP preprocessor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new preprocessor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
    * POP3 & IMAP preprocessors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP preprocessor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
    * Support for reading large pcap files.
    * Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
    * IP Reputation preprocessor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This preprocessor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.
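As an added illustration of the attachment decoding done by the POP3/IMAP/SMTP preprocessors and the filename/recipient logging described above (example code written for this page, not Snort's own implementation), the following decodes Base64, Quoted-Printable and uuencode attachment bodies from a constructed sample message and collects the filenames and recipients that would be logged. Bodies that cannot be decoded are returned as None so that a detection engine can flag them rather than silently skip them; the sample message and the helper that builds it are assumptions made for this example.

```python
import base64
import binascii
import quopri
from email import message_from_bytes

def decode_body(cte, raw):
    """Decode by Content-Transfer-Encoding; None means unknown or malformed."""
    cte = cte.strip().lower()
    try:
        if cte == "base64":
            return base64.b64decode(raw)            # line breaks are discarded
        if cte == "quoted-printable":
            return quopri.decodestring(raw)
        if cte in ("x-uuencode", "uuencode", "uue", "x-uue"):
            out = bytearray()
            for line in raw.splitlines():           # drop framing and empty lines
                if not line or line.startswith(b"begin ") or line == b"end":
                    continue
                if (line[0] - 32) & 63:             # length char 0 = terminator
                    out += binascii.a2b_uu(line)
            return bytes(out)
        if cte in ("7bit", "8bit", "binary"):
            return raw
    except binascii.Error:
        pass
    return None                                     # flag it; do not silently skip

def extract(msg_bytes):
    msg = message_from_bytes(msg_bytes)
    atts = []
    for part in msg.walk():
        if part.is_multipart() or part.get_filename() is None:
            continue
        raw = part.get_payload(decode=False).encode("ascii", "surrogateescape")
        cte = part.get("Content-Transfer-Encoding", "7bit")
        atts.append({"filename": part.get_filename(), "encoding": cte,
                     "decoded": decode_body(cte, raw)})
    return {"recipients": msg.get_all("To", []) + msg.get_all("Cc", []), "attachments": atts}

def mime_part(cte, name, body):   # builds one part of the constructed sample
    return (b"--B\nContent-Transfer-Encoding: " + cte + b"\n"
            b'Content-Disposition: attachment; filename="' + name + b'"\n\n' + body + b"\n")

# Constructed sample message, not captured traffic: one attachment per encoding.
UU_BODY = b"begin 644 c.bin\n" + binascii.b2a_uu(b"hello uuencode") + b" \nend"
SAMPLE = (b"To: rcpt@example.test\nMIME-Version: 1.0\n"
          b'Content-Type: multipart/mixed; boundary="B"\n\n'
          + mime_part(b"base64", b"a.txt", base64.b64encode(b"hello base64"))
          + mime_part(b"quoted-printable", b"b.txt", b"hello=20quoted=3Dprintable")
          + mime_part(b"x-uuencode", b"c.bin", UU_BODY) + b"--B--\n")
```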
