Update Snort 2.9.2.3 – A network intrusion prevention and detection system


Snort 2.9.2.3 includes the following changes:

* Update to GTP preprocessor to better handle GTPv1 data.

* Update to DNP3 preprocessor to add stricter checking on
packets before processing by dnp3. Improved checking
on reassembly buffer.

* Update to PCRE rule option processing to prevent issues
seen with libpcre-8.30 and certain rules.

* Update to dcerpc2 to not abort reassembly if target-based
protocol is undefined.

Platform: Windows & Unix/Linux

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort also has a real-time alerting capability, with alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger, or a full network intrusion prevention system.

Features:

  • Protocol analysis and content searching/matching
  • Uses a flexible rules language to describe traffic that it should collect or pass
  • Detection engine that utilizes a modular plug-in architecture
  • Real-time alerting capability
  • Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more