Suricata is an intrusion detection and prevention system that intends to bring a new approach and new ideas to the industry. The engine provides the user with multiple configuration features and multi-thread support.
This tool is designed to help you monitor network traffic and to provide you with alerts by using a set of externally developed rules.
What's New in This Release:
New features:
· Luajit flow vars and flow ints support
· DNS parser, logger and keyword support
· deflate support for HTTP response bodies
Improvements:
· update to libhtp 0.5
· improved gzip support for HTTP response bodies
· redesigned transaction handling, improving both accuracy and performance
· redesigned CUDA support
· Be sure to always apply verdict to NFQ packet
· stream engine: SACK allocs should adhere to memcap
· stream: deal with multiple different SYN/ACK’s better
· stream: Randomize stream chunk size for raw stream inspection
· Introduce per stream thread ssn pool
· “pass” IP-only rules should bypass detection engine after matching
· Generate error if bpf is used in IPS mode
· Add support for batch verdicts in NFQ
· Update Doxygen config
· Improve libnss detection
Fixes:
· Fix a FP on rules looking for port 0 and fragments
· OS X unix socket build fixed
· Fix negative offset failure in bytetest, bytejump and byteextract
· Fix fast.log formatting issues
· Invalidate negative depth
· Fixed accuracy issues with relative pc...