Snort is a powerful network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks.
Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.
What's New in This Release:
New additions:
· Consolidation of IPv6 -- now only a single build supports both IPv4 & IPv6, and removal of the IPv4 "only" code paths.
· File API and improvements to file processing for HTTP downloads and email attachments via SMTP, POP, and IMAP to facilitate broader file support
· Use of address space ID for tracking Frag & Stream connections when it is available with the DAQ
· Logging of packet data that triggers PPM for post-analysis via Snort event
· Decoding of IPv6 with PPPoE
· Added an API call to add a service to a host in the attribute table. Remove the unused live attribute update code.
Improvements:
· Update to Stream5 PAF for handling gaps in the sequence numbers of packets being reassembled.
· Selection of the Stream TCP policy based on the server rather than the destination of first packet seen by Snort
· Allow disabling of global thresholds via a count of -1
· Prevent blocking duplicate SYNs when using inline normalization
· Add SSLv3 backwards compatibility support for SSLv...