Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
Operating Systems: Windows, FreeBSD, OpenBSD, Linux
Release Notes: This release removes proxy information from HTTP URI searching so that URI matches are made only on the actual URI, making offsets work as expected. It addresses an issue with logging of packet data via unified2 when alerting on a packet with multiple HTTP PDUs. It will continue to search for patterns within the HTTP URI until the end of the URI.
Release Notes: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, provides better encoding for TCP packets generated for "respond and react", and disables non-Ethernet decoders by default (for performance reasons).
Release Notes: Consolidation of IPv6, file API and improvements to file processing, use of address space ID for tracking Frag & Stream connections, logging of packet data that triggers PPM for post-analysis, decoding of IPv6 with PPPoE, and more.
Release Notes: This release fixes a check for TCP RST flags to prevent sending resets to reset packets with inline and active responses, updates hashing for internal storage of rule options for 64-bit platforms when checking uniqueness to remove duplicate copies in memory, and addresses some small memory leaks from parsing snort.conf. Please note that 22.214.171.124 and later packages are signed with a new PGP key (which is signed with the previous key).
Release Notes: Updates to the flowbit rule option, dcerpc2, and reputation preprocessors. A new dynamic output plugin architecture API. Various updates and improvements to http_inspect, SMTP mempool allocations, and email attachment processing. pflog v4 support has been added to packet decoders. Logging of multiple unified2 alerts with reassembled packets has been fixed. Compiler warning cleanup across multiple platforms. All database output support has been removed.