Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
|Operating Systems||Windows Windows Windows FreeBSD OpenBSD Linux|
Release Notes: This release adds many new features and fixes, including file capture and storage, file type identification, and updates to SMTP, POP, and IMAP.
Release Notes: This release fixed an issue with the SMTP preprocessor and the ignore_tls_data configuration correctly stopping inspection after an SMTP session is encrypted. All rule evaluation (as opposed to just rules with fast patterns) is now disabled for packets on a previously blocked session. The perfmon preprocessor now writes stats as soon as both the time and packet count criteria are met. The same restrictions are enforced on relative PCRE for HTTP buffers from shared library rules as already existed with text rules.
Release Notes: This release adds many bugfixes, additions, and improvements.
Release Notes: This release removes proxy information from HTTP URI searching so that the URI matches are just on the actual URI, making offsets work as expected. It addresses an issue when logging of packet data via unified2 when alerting on a packet with multiple HTTP PDUs. It will continue to search for patterns within the HTTP URI until the end of the URI.
Release Notes: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, updates to provide better encoding for TCP packets generated for "respond and react", and disables non-ethernet decoders by default (for performance reasons).