OXYGEN THIEF


Snort is a free, open-source program that can prevent network intrusions, perform real-time network traffic analysis, and log packets on IP networks.

Snort can perform protocol analysis and can be used to detect a variety of attacks, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and many more.


spamtrash

There used to be a post here, but @Kamelka complains that I am "their expert on everything". So it is gone now.

Camel1965

Snort 2.9.17
snort 2.9.17

* src/preprocessors/Stream6/snort_stream_tcp.c,
src/preprocessors/spp_stream6.c :
Fixed Memory leak in reassembly networks and ports config during reload.

* src/file-process/file_resume_block.c,
src/file-process/file_service.c,
src/file-process/file_lib.c,
src/file-process/file_lib.h :
Fixed resume-block for SMBv2 partial content retry and pending verdicts.

* src/win32/WIN32-Prj/snort_installer.nsi :
Added user visible message to choose 4.1.1 or any higher version of winpcap, in windows 32 installer.

* src/win32/WIN32-Prj/snort_installer_x64.nsi,
src/win32/WIN32-Prj/snort_installer.nsi :
Fixed popup message that was not honoring windows silent uninstaller option.

* src/preprocessors/snort_httpinspect.c :
Fix to populate original client IP for drop events, when inline normalization is disabled.

* src/dynamic-preprocessors/appid/luaDetectorApi.c :
Fixed AppID caching proxy IP instead of tunneled IP in the dynamic cache during ultrasurf traffic.

* src/detection-plugins/sp_react.c,
src/dynamic-preprocessors/sdf/spp_sdf.c,
src/parser.c,
src/preprocessors/Stream6/snort_stream_tcp.c,
tools/u2streamer/Unified2File.c,
src/dynamic-preprocessors/appid/luaDetectorApi.c,
src/dynamic-preprocessors/appid/appInfoTable.c,
snort/src/dynamic-plugins/sf_dynamic_plugins.c,
src/memory_stats.c,
src/sfutil/sfportobject.c,
src/snort.h :
Fixed multiple static analysis issues.

* src/dynamic-preprocessors/appid/appInfoTable.c :
Fixed a potential race condition.

* configure.in,
src/reload.c :
Fix to not rely on the last-modified-time for loading the dynamic detection libs.

* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
src/file-process/file_capture.c,
src/file-process/file_resume_block.c,
src/file-process/file_segment_process.c,
src/file-process/file_service.c :
Added debug messages in file-process packet flow.

* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c :
Fix to address cases of ambiguous codes between SMTP & FTP and when SMTP server does not support EHLO.

* src/file-process/file_segment_process.c :
Fixed issue of generating multiple events for a single file transfer over SMB.

* src/dynamic-preprocessors/appid/appIdConfig.h,
src/dynamic-preprocessors/appid/appInfoTable.c,
src/dynamic-preprocessors/appid/appInfoTable.h,
src/dynamic-preprocessors/appid/flow.h,
src/dynamic-preprocessors/appid/fw_appid.c,
src/dynamic-preprocessors/appid/flow.h :
Fixed false positives for ultrasurf.

* src/dynamic-preprocessors/sip/spp_sip.c :
Fixed SIP pre-processor to detect SSL encrypted SIP traffic better.

* src/dynamic-preprocessors/appid/luaDetectorApi.c,
etc/gen-msg.map,
preproc_rules/preprocessor.rules,
src/file-process/file_service.c,
src/generators.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/event_output/hi_eo_log.c,
src/preprocessors/HttpInspect/include/hi_client.h,
src/preprocessors/HttpInspect/include/hi_eo_events.h,
src/preprocessors/HttpInspect/include/hi_server.h,
src/preprocessors/HttpInspect/server/hi_server.c,
src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h :
Added support for HTTP range field parsing to detect if HTTP response/request is indeed partial or full content.

* src/preprocessors/spp_session.c :
Fixed TCP memcap oversize.

* src/dynamic-preprocessors/dcerpc2/dce2_stats.h,
src/dynamic-preprocessors/dcerpc2/snort_dce2.c,
src/dynamic-preprocessors/dcerpc2/spp_dce2.c,
src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/client/hi_client_norm.c,
src/preprocessors/HttpInspect/include/hi_include.h,
src/preprocessors/HttpInspect/include/hi_paf.h,
src/preprocessors/HttpInspect/utils/hi_paf.c,
src/preprocessors/Stream6/snort_stream_icmp.c,
src/preprocessors/Stream6/snort_stream_icmp.h,
src/preprocessors/Stream6/snort_stream_ip.c,
src/preprocessors/Stream6/snort_stream_ip.h,
src/preprocessors/Stream6/snort_stream_tcp.c,
src/preprocessors/Stream6/snort_stream_tcp.h,
src/preprocessors/Stream6/snort_stream_udp.c,
src/preprocessors/Stream6/snort_stream_udp.h,
src/preprocessors/Stream6/stream_common.h,
src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/spp_httpinspect.c,
src/preprocessors/spp_httpinspect.h,
src/preprocessors/spp_stream6.c,
src/dynamic-preprocessors/appid/fw_appid.c,
src/dynamic-preprocessors/appid/fw_appid.h,
src/dynamic-preprocessors/appid/spp_appid.c :
Enhanced statistics dumped during snort exit and SIGUSR1.

* src/dynamic-preprocessors/imap/imap_paf.c,
src/dynamic-preprocessors/imap/snort_imap.h,
src/dynamic-preprocessors/pop/pop_paf.c,
src/dynamic-preprocessors/pop/snort_pop.h,
src/dynamic-preprocessors/sip/spp_sip.h,
src/dynamic-preprocessors/smtp/smtp_paf.c,
src/dynamic-preprocessors/smtp/snort_smtp.h,
src/dynamic-preprocessors/appid/flow.h,
src/dynamic-preprocessors/appid/service_plugins/service_ssl.c,
src/dynamic-preprocessors/dcerpc2/dce2_list.h,
src/dynamic-preprocessors/ftptelnet/ftpp_si.h,
src/file-process/file_segment_process.h,
src/file-process/libs/file_lib.h,
src/preprocessors/sip_common.h,
src/preprocessors/snort_httpinspect.h :
Optimized structures in several preprocessors.

* src/dynamic-preprocessors/dcerpc2/dce2_smb.c,
src/dynamic-preprocessors/dcerpc2/dce2_smb.h,
src/file-process/file_service.c :
Fixed SMBv1 file block for pending verdict retry packets.

* src/dynamic-preprocessors/dcerpc2/dce2_smb.c :
Fixed SMBv1 unknown file size upload block.

* src/detect.c,
src/detect.h,
src/parser.c,
src/parser.h,
src/preprocessors/Session/session_common.h,
src/preprocessors/Stream6/snort_stream_udp.c,
src/preprocessors/Stream6/snort_stream_udp.h,
src/preprocessors/spp_stream6.c,
src/preprocessors/Stream6/stream_common.c,
src/preprocessors/Stream6/stream_common.h,
src/preprocessors/spp_stream6.c,
src/reload.c,
src/snort.c,
src/snort.h :
Fixed incorrect filtering of UDP traffic when "ignore_any_rules" is configured.

* src/detection-plugins/sp_session.c,
src/detection-plugins/sp_session.h,
src/sfutil/util_jsnorm.c :
Fixed GCC 10.1.1 compilation issues.

* src/decode.c,
src/decode.h,
src/log_text.c,
src/log.c,
src/preprocessors/Stream6/snort_stream_tcp.c :
Added support to detect TCP Fast Open packets.

* src/preprocessors/Stream6/snort_stream_tcp.c :
Fixed TCP segment queue hole issue as per the RFC793 recommendation for OOO Ack packet handling.

* src/detection-plugins/detection_leaf_node.c,
src/detection-plugins/detection_options.c,
src/dynamic-preprocessors/appid/appInfoTable.c,
src/dynamic-preprocessors/appid/fw_appid.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.c,
src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
src/dynamic-preprocessors/appid/service_plugins/service_rexec.c,
src/dynamic-preprocessors/appid/service_plugins/service_rpc.c,
src/dynamic-preprocessors/appid/service_plugins/service_rshell.c,
src/dynamic-preprocessors/appid/service_plugins/service_snmp.c,
src/dynamic-preprocessors/appid/service_plugins/service_tftp.c,
src/dynamic-preprocessors/ftptelnet/ftpp_si.c,
src/dynamic-preprocessors/ftptelnet/pp_ftp.c,
src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
src/dynamic-preprocessors/ftptelnet/spp_ftptelnet.c,
src/fpcreate.c,
src/parser.c,
src/preprocessors/Session/session_common.h,
src/preprocessors/spp_session.c,
src/reload.c,
src/snort.c :
Fixed build when some configure options were disabled.

* src/detection-plugins/sp_byte_math.c :
Fixed byte_math operation for multiplication integer overflow.

* src/dynamic-preprocessors/appid/appId.h,
src/dynamic-preprocessors/appid/service_plugins/service_ssl.c :
Fix to include port 853 in the SSL detector, as DNS over TLS runs on SSL.

* src/dynamic-plugins/sf_dynamic_plugins.c,
src/dynamic-plugins/sf_dynamic_preprocessor.h,
src/dynamic-preprocessors/appid/Makefile_defs,
src/dynamic-preprocessors/appid/luaDetectorApi.c,
src/dynamic-preprocessors/appid/util/common_util.h :
Fix for excessive logging of lua detector invalid LUA (null).

* snort/src/detection-plugins/sp_byte_check.c,
src/detection-plugins/sp_byte_extract.c,
src/detection-plugins/sp_byte_jump.c,
src/detection-plugins/sp_byte_math.c,
src/detection-plugins/sp_byte_math.h,
src/detection-plugins/sp_isdataat.c,
src/detection-plugins/sp_pattern_match.c :
Added support for allowing common names across rule options.

* src/memory_stats.c :
Removed a redundant log.

* spp_sip.c :
Fixed handling encrypted traffic by SIP preprocessor.

* snort/configure.in,
snort/doc/README.s7commplus,
snort/etc/sf_rule_options,
snort/etc/sf_rule_validation.conf,
snort/src/dynamic-preprocessors/Makefile.am,
snort/src/dynamic-preprocessors/s7commplus/Makefile.am,
snort/src/dynamic-preprocessors/s7commplus/s7comm_decode.c,
snort/src/dynamic-preprocessors/s7commplus/s7comm_decode.h,
snort/src/dynamic-preprocessors/s7commplus/s7comm_paf.c,
snort/src/dynamic-preprocessors/s7commplus/s7comm_paf.h,
snort/src/dynamic-preprocessors/s7commplus/s7comm_roptions.c,
snort/src/dynamic-preprocessors/s7commplus/s7comm_roptions.h,
snort/src/dynamic-preprocessors/s7commplus/spp_s7comm.c,
snort/src/dynamic-preprocessors/s7commplus/spp_s7comm.h,
snort/src/generators.h,
snort/src/preprocids.h :
Added support for s7Commplus protocol.

* src/preprocessors/Stream6/snort_stream_tcp.c :
Fixed out of order FIN packet leading to segment trimming.

* src/output-plugins/spo_unified2.c,
src/preprocessors/Stream6/snort_stream_tcp.c :
Fix to populate original IP in dropped events when inline normalization is enabled.

* snort/src/sfutil/sf_ip.h :
Fixed compiler warnings.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
Fixed DNS application detector failing to detect DNS traffic in some scenarios.

2020-07-24 Hariharan Chandrashekar <harchand@cisco.com>
snort 2.9.16.1

* src/dynamic-preprocessors/appid/appIdConfig.h,
src/dynamic-preprocessors/appid/appInfoTable.c,
src/dynamic-preprocessors/appid/flow.h,
src/dynamic-preprocessors/appid/fw_appid.c :
Added packet counters to make sure flows with one-way data don't pend forever.

* src/detection-plugins/sp_flowbits.c,
src/snort.c :
Fixed potential race condition between reload and exit path.

* src/detection-plugins/sp_session.c,
src/preprocessors/Stream6/stream_paf.h,
src/sfutil/util_jsnorm.c :
Added support for GCC version 10.1.1.

2020-03-15 Hariharan Chandrashekar <harchand@cisco.com>
snort 2.9.16

* src/preprocessors/Stream6/snort_stream_tcp.c :
Addressed an issue when out-of-order FIN is received by dropping it.

* src/output-plugins/spo_unified2.c,
src/preprocessors/Stream6/snort_stream_tcp.c :
Fixed an issue in which xtradata is not added to the alert in unified file.

* src/reload.c,
src/snort.c :
Fixed potential race condition between reload and exit path (main thread).

* etc/file_magic.conf :
Updated the file magic to detect ALZ file types.

* src/sfutil/sf_ip.h :
Added support for gcc version 9.2.1.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
Fixed an issue in which APPID returns no match.

* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj,
src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj,
src/dynamic-preprocessors/dns/sf_dns.vcxproj,
src/dynamic-preprocessors/dynamic_preprocessors.vcxproj,
src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj,
src/dynamic-preprocessors/gtp/sf_gtp.vcxproj,
src/dynamic-preprocessors/imap/sf_imap.vcxproj,
src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj,
src/dynamic-preprocessors/modbus/sf_modbus.vcxproj,
src/dynamic-preprocessors/pop/sf_pop.vcxproj,
src/dynamic-preprocessors/reputation/sf_reputation.vcxproj,
src/dynamic-preprocessors/sdf/sf_sdf.vcxproj,
src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj,
src/dynamic-preprocessors/sip/sf_sip.vcxproj,
src/dynamic-preprocessors/smtp/sf_smtp.vcxproj,
src/dynamic-preprocessors/ssh/sf_ssh.vcxproj,
src/dynamic-preprocessors/ssl/sf_ssl.vcxproj,
src/win32/WIN32-Prj/build_all.vcxproj,
src/win32/WIN32-Prj/sf_engine.vcxproj,
src/win32/WIN32-Prj/sf_engine_initialize.vcxproj,
src/win32/WIN32-Prj/snort.vcxproj,
src/win32/WIN32-Prj/snort_initialize.vcxproj,
src/win32/WIN32-Prj/snort_installer_x64.nsi,
src/win32/WIN32-Prj/snort_x64.dsw,
src/win64/WIN64-Libraries/Packet.lib,
src/win64/WIN64-Libraries/libdnet/dnet.lib,
src/win64/WIN64-Libraries/pcre.lib,
src/win64/WIN64-Libraries/wpcap.lib,
src/win64/WIN64-Libraries/zlib.lib,
tools/u2spewfoo/u2spewfoo.vcxproj :
Added 64-bit support for Windows 10 operating system.

* src/dynamic-preprocessors/pop/snort_pop.c :
Fixed an issue where POP preprocessor was not generating alert in some cases.

* src/dynamic-preprocessors/gtp/gtp_parser.c :
Fixed the alerting logic for GTP v2 with missing TEID.

* src/preprocessors/HttpInspect/utils/hi_paf.c :
Fixed file policy not working with character prefix in chunk size.

* configure.in,
src/reload.c,
src/side-channel/sidechannel.c,
src/snort.c,
src/target-based/sftarget_reader.c,
src/util.h :
Added support for glibc version 2.30.

* src/decode.h,
src/dynamic-plugins/sf_engine/sf_snort_packet.h,
src/preprocessors/HttpInspect/utils/hi_paf.c,
src/preprocessors/Stream6/snort_stream_tcp.c,
src/preprocessors/Stream6/stream_paf.c,
src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/stream_api.h :
Added support for early inspection of HTTP payload before flushing in pre-ack mode.

* src/file-process/file_api.h,
src/file-process/file_service.c,
src/preprocessors/HttpInspect/include/hi_norm.h,
src/preprocessors/HttpInspect/include/hi_ui_config.h,
src/preprocessors/HttpInspect/server/hi_server_norm.c,
src/preprocessors/snort_httpinspect.c :
Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.

2019-12-15 Hariharan Chandrashekar <harchand@cisco.com>
snort 2.9.15.1

* src/file-process/file_ss.c :
Fixed the right order of precedence. Thanks to David Binderman for reporting this.

* src/dynamic-preprocessors/ssl_common/ssl_config.c :
Fixed snort core seen during ssl re-configuration.

* src/fpdetect.c,
src/log_text.c, src/profiler.h :
Fixed compiler warnings.

* src/file-process/file_segment_process.c :
Fixed file access issues on files from SMB share.

* configure.in,
src/reload.c, src/side-channel/sidechannel.c,
src/snort.c, src/target-based/sftarget_reader.c, src/util.h :
Added support for glibc version 2.30.

2019-10-02 Hariharan Chandrashekar <harchand@cisco.com>
snort 2.9.15

* src/snort.c,
src/control/sfcontrol.c,
src/preprocessors/Session/stream5_ha.c,
src/preprocessors/session_api.h,
src/dynamic-plugins/sp_dynamic.c :
Fixed a potential race condition.

* src/detect.c :
Fixed static analysis issues.

* src/detect.c,
src/detect.h,
src/file-process/file_service.c,
src/reload.c,
src/sfdaq.h,
src/snort.c,
src/snort.h :
Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.

* src/dynamic-preprocessors/appid/fw_appid.c :
Added NULL check before dereferencing tcp_header.

* src/file-process/libs/file_lib.h,
src/sfdaq.h :
Fix to make daq_pktHdr globally visible and removed the extra Packet variable from the FILE_PKT_DEBUG macro.

* snort/etc/file_magic.conf :
Added support to detect new Korean file formats .egg and .alz to the file preprocessor.

* src/dynamic-preprocessors/gtp/gtp_parser.c,
src/dynamic-preprocessors/gtp/spp_gtp.h :
Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.

* src/detect.c :
Added a check before printing the Packet latency trace when detection is enabled or not.

* src/file-process/file_capture.c,
src/file-process/file_mime_process.c,
src/file-process/file_resume_block.c,
src/file-process/file_segment_process.c,
src/file-process/file_service.c,
src/file-process/libs/file_lib.c,
src/file-process/libs/file_lib.h,
src/sfdaq.h :
Added debug messages in file-process packet flow.

* src/dynamic-plugins/sp_dynamic.c,
src/reload.c,
src/reload.h,
src/snort.c :
Fixed dynamic rules from getting disabled after multiple reloads.

* src/pkt_tracer.c :
Fix to print packet trace information in the direction of the packet on the wire.

* etc/file_magic.conf :
Added new file magic to detect RAR file-type.

* src/dynamic-plugins/sf_dynamic_preprocessor.h :
Updated preproc version.

* src/dynamic-plugins/sf_dynamic_preprocessor.h :
Provided an API to query non-flow related information from DAQ.

* src/dynamic-plugins/sf_dynamic_plugins.c,
src/dynamic-plugins/sf_dynamic_preprocessor.h,
src/sfdaq.c,
src/sfdaq.h :
Added a generic api DAQ_Ioctl for dynamic preprocs to use for various daq clis.

* src/dynamic-preprocessors/appid/Makefile_defs,
src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c,
src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c,
src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.h,
src/dynamic-preprocessors/appid/service_plugins/service_ftp.c,
src/dynamic-preprocessors/appid/service_plugins/service_netbios.c,
src/dynamic-preprocessors/appid/service_plugins/service_nntp.c :
Fix to whitelist ftp data sessions when no file policy exists.

* src/dynamic-preprocessors/appid/fw_appid.c :
Fixed -Wparentheses warning.

* src/dynamic-preprocessors/appid/fw_appid.c :
Fixed the algorithm that triggers port only detection.

* src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/include/hi_paf.h,
src/preprocessors/HttpInspect/utils/hi_paf.c :
Fixed an issue where HTTP was wrongly processing non HTTP traffic on port 443.

* src/dynamic-preprocessors/appid/appIdConfig.h,
src/dynamic-preprocessors/appid/fw_appid.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.c,
src/dynamic-preprocessors/appid/service_plugins/service_base.h :
Fixed IPS alerts generation for ICMP packets.

* src/file-process/file_resume_block.c :
Fixed signature lookup when the context is not present.

* src/preprocessors/HttpInspect/utils/hi_paf.c :
Added a new state to handle HTTP responses, having no status message followed by status code.

* src/dynamic-plugins/sf_dynamic_plugins.c,
src/dynamic-plugins/sf_dynamic_preprocessor.h,
src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.h :
Added DPD callbacks for receiving ftp transfer mode before generating file events.

* snort/etc/file_magic.conf :
Fixed RTF file magic to a more generic value.

* src/preprocessors/spp_httpinspect.c :
Added debug logs during HTTP Reload.

* src/dynamic-preprocessors/reputation/shmem/shmem_mgmt.c :
Fix to bypass munmap if shmemSegptr points to zeroSegptr.

* src/parser.c :
Added rule SID check during Snort validation.

* src/pkt_tracer.c :
Corrected endianness representation for some of the parameters in the debug log.

2019-07-26 Hariharan Chandrashekar <harchand@cisco.com>
snort 2.9.14.1

* src/sfdaq.c :
Fixed packet drop scenario.
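The 2.9.17 entry above says HTTP Range parsing was added so that the engine can tell whether a request or response really carries partial content or the whole resource. The distinction matters for file inspection: a file policy that only runs on complete transfers can be evaded by fetching a file in ranges, while a 206 whose range spans the entire resource should still be inspected as full content. The following Python is an added example, not Snort's own code and not how its HttpInspect preprocessor is implemented; it shows the RFC 7233 header semantics such a check has to get right. The function names, the `RangeInfo` record, the assumption that the caller tracks the resource length per flow, and the sample headers are all constructed for this example.

```python
"""Classify HTTP transfers as full or partial from Range / Content-Range headers.

Added example (not Snort code): models the RFC 7233 semantics a detector needs
to decide whether a request/response is genuinely partial content.
"""
import re
from dataclasses import dataclass
from typing import Optional

RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+)$", re.IGNORECASE)
CONTENT_RANGE_RE = re.compile(
    r"^\s*bytes\s+(?:(\d+)-(\d+)|\*)/(\d+|\*)\s*$", re.IGNORECASE)


@dataclass
class RangeInfo:
    partial: bool          # True if the body is only part of the resource
    first: Optional[int]   # first byte offset covered, if known
    last: Optional[int]    # last byte offset covered, if known
    total: Optional[int]   # complete length of the resource, if known


def parse_content_range(value: str) -> Optional[RangeInfo]:
    """Parse a response Content-Range header (RFC 7233 section 4.2).

    Returns None for syntactically or semantically invalid values; a detector
    should treat those as unknown rather than as full content.
    """
    m = CONTENT_RANGE_RE.match(value)
    if not m:
        return None
    first_s, last_s, total_s = m.groups()
    total = None if total_s == "*" else int(total_s)
    if first_s is None:                      # "bytes */1234": unsatisfied range
        return RangeInfo(partial=True, first=None, last=None, total=total)
    first, last = int(first_s), int(last_s)
    if last < first or (total is not None and last >= total):
        return None                          # invalid per RFC 7233
    # A 206 whose range spans the entire resource is effectively full content.
    full = total is not None and first == 0 and last == total - 1
    return RangeInfo(partial=not full, first=first, last=last, total=total)


def parse_request_range(value: str, total: Optional[int] = None) -> Optional[RangeInfo]:
    """Parse a request Range header (RFC 7233 section 3.1).

    `total` is the resource length if already known for this flow (assumption:
    the caller tracks it). Multiple ranges are always treated as partial.
    """
    m = RANGE_RE.match(value)
    if not m:
        return None
    specs = [s.strip() for s in m.group(1).split(",")]
    if len(specs) != 1:
        return RangeInfo(partial=True, first=None, last=None, total=total)
    spec = specs[0]
    sm = re.fullmatch(r"(\d*)-(\d*)", spec)
    if not sm or spec == "-":
        return None
    first_s, last_s = sm.groups()
    if first_s == "":                        # suffix range "-500": last N bytes
        if total is None:
            return RangeInfo(partial=True, first=None, last=None, total=None)
        first = max(0, total - int(last_s))
        last = total - 1
    else:
        first = int(first_s)
        last = int(last_s) if last_s else (total - 1 if total is not None else None)
        if last is not None and last < first:
            return None
    # "bytes=0-" asks for everything; so does any range ending at total-1 from 0.
    full = first == 0 and (last_s == "" or (total is not None and last == total - 1))
    return RangeInfo(partial=not full, first=first, last=last, total=total)


def classify_response(status: int, headers: dict) -> str:
    """Return 'full', 'partial' or 'unknown' for an HTTP response body."""
    cr = headers.get("Content-Range")
    if status == 206 or cr is not None:
        info = parse_content_range(cr or "")
        if info is None:
            return "unknown"
        return "partial" if info.partial else "full"
    if status == 200:                        # a 200 ignores any Range request
        return "full"
    return "unknown"


# Constructed sample responses, not captured traffic.
SAMPLE_RESPONSES = [
    (200, {}, "full"),
    (206, {"Content-Range": "bytes 0-499/1234"}, "partial"),
    (206, {"Content-Range": "bytes 0-1233/1234"}, "full"),
    (206, {"Content-Range": "bytes 500-999/*"}, "partial"),
    (206, {"Content-Range": "bytes 900-100/1234"}, "unknown"),
]

if __name__ == "__main__":
    for status, hdrs, expected in SAMPLE_RESPONSES:
        print(status, hdrs, "->", classify_response(status, hdrs), "(expected", expected + ")")
```

Two design points worth noting: a malformed Content-Range is reported as unknown, never as full, so a hand-crafted header cannot talk the classifier into inspecting a fragment as a whole file; and a suffix range such as `bytes=-500` can only be resolved once the resource length is known, so until then it is conservatively treated as partial.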