Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Je kunt ook een cookievrije versie van de website bezoeken met minder functionaliteit. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 2 reacties, 2.805 views •
Bron: Suricata, submitter: Victor78

Suricata logo (75 pix)Suricata is een opensource netwerk Intrusion Detections System (IDS), Intrusion Prevention System (IPS) en Network Security Monitoring-engine. De onwikkeling wordt overzien door de Open Information Security Foundation, met hulp van de community en diverse fabrikanten. Afgelopen donderdag is versie 1.4 uitgebracht en hierin zijn onder meer de prestaties, schaalbaarheid en betrouwbaarheid verbeterd. Het changelog van deze uitgave kan hieronder worden gevonden.

New features
  • Unix socket mode for batched processing of series of pcap (#571, #552) (experimental)
  • Interaction with Suricata via uix socket (#571, #552) (experimental)
  • IP Reputation: loading and matching (#647) (experimental)
  • New keyword: “luajit” to inspect packet, payload and all HTTP buffers with a Lua script (#346) (experimental)
  • Delayed detect initialization. Starts processing packets right away and loads detection engine in the background (#522)
  • Support for pkt_data keyword was added (#423)
  • Improved –list-keywords commandline option gives detailed info for supported keyword, including doc link (#435)
  • User and group to run as can now be set in the config file
  • Add stream event to match on overlaps with different data in stream reassembly (#603)
  • Decoding of IPv4-in-IPv6, IPv6-in-IPv6 and Teredo tunnels (#462, #514, #480)
  • Rules can be set to inspect only IPv4 or IPv6 (#494)
  • Added ability to control per server HTTP parser settings in much more detail (#503)
  • Make HTTP request and response body inspection sizes configurable per HTTP server config (#560)
  • Filesize keyword for matching on sizes of files in HTTP (#489)
  • Custom HTTP logging contributed by Ignacio Sanchez (#530)
  • TLS certificate logging and fingerprint computation and keyword by Jean-Paul Roliers (#443)
  • TLS certificate store to disk feature Jean-Paul Roliers (#444)
  • AF_PACKET IPS support (#516)
  • NFQ fail open support (#507)
  • PCAP/AF_PACKET/PF_RING packet stats are now printed in stats.log (#561, #625)
  • Support for Napatech cards through their 3rd generation driver was added by Matt Keeler from Npulse (#430, #619)
  • Endace support improved
  • New runmode for users of pcap wrappers (Myricom, PF_RING, others)
Improvements
  • Add contrib directory to the dist (#567)
  • Performance improvements to signatures with dsize option
  • Improved rule analyzer: print fast_pattern along with the rule (#558)
  • Fixes to stream engine reducing the number of events generated (#604)
  • Stream.inline option new defaults to “auto”, meaning enabled in IPS mode, disabled in IDS mode (#592)
  • HTTP handling in OOM condition was greatly improved (#557)
  • Filemagic keyword performance was improved (#585)
  • Updated bundled libhtp to 0.2.11
  • Build system improvements and cleanups
  • Live reloads now supports HTTP rule updates better (#522)
  • AF_PACKET performance improvements (#197, #415)
  • Make defrag more configurable (#517, #528)
  • Improve pool performance (#518)
  • Improve file inspection keywords by adding a separate API (#531)
  • Example threshold.config file provided (#302)
Changes since 1.4rc1
  • Decoder event matching fixed (#672)
  • Unified2 would overwrite files if file rotation happened within a second of file creation, leading to loss of events/alerts (#665)
  • Add more events to IPv6 extension header anomolies (#678)
  • Fix ICMPv6 payload and checksum calculation (#677, #674)
  • Clean up flow timeout handling (#656)
  • Fix a shutdown bug when using AF_PACKET under high load (#653)
  • Fix TCP sessions being cleaned up to early (#652)
Versienummer:1.4
Releasestatus:Final
Besturingssystemen:Windows 7, Windows XP, Windows Vista, Windows 8, Linux, Solaris, UNIX, OS X
Website:Suricata
Download:http://www.openinfosecfoundation.org/download/suricata-1.4.tar.gz
Bestandsgrootte:2,34MB
Licentietype:Voorwaarden (GNU/BSD/etc.)

Reacties (2)

Nooit van gehoord. Maar als ik de features zo bekijk, klinkt het voor mij als een geavanceerdere fail2ban :)
Fail2Ban is dan ook een relatief simpele IPS ;)

Op dit item kan niet meer gereageerd worden.



Apple iPhone 6Samsung Galaxy Note 4Apple iPad Air 2FIFA 15Motorola Nexus 6Call of Duty: Advanced WarfareApple WatchWorld of Warcraft: Warlords of Draenor, PC (Windows)Microsoft Xbox One 500GBWebsites en communities

© 1998 - 2014 Tweakers.net B.V. Tweakers is onderdeel van De Persgroep en partner van Computable, Autotrack en Carsom.nl Hosting door True