
[RELEASE]: Version 0.4.6



Hi,

Below is a summary of what's changed since version 0.4.5. The main thing
is probably the new extended log output which will form the basis of any
remote logging protocol etc...

Expect to see the ability for multiple sensors to reliably, securely and
efficiently log to a central server which will index and analyze the
data, allowing a GUI analyst console to connect and perform queries on
the data (e.g. correlation etc.).

As soon as I have anything looking cool enough I'll post some
screenshots heh :)

Download source code, binaries or RPMs directly from:
http://www.scaramanga.co.uk/firestorm/download.html

BUGS FIXED
 * Fix trivial memory leak in signature loading
 * Don't clobber existing logfiles in dump output module
 * Fix (very rare) infinite loop condition in string matcher
 * Fixed bug in Snort rule parsing
NEW FEATURES
 * Brand new TCP state tracking code, much more accurate and efficient
 * Decode IGMP and IrDA packets
 * New simplified log output plugin, one line per alert
 * New extended log output plugin (native firestorm format)
 * First stab at implementing uricontent properly
 * Implement dns_recursive matcher (triggers on recursive DNS queries)
 * Implement dns_iterative matcher (triggers on iterative DNS queries)
 * Real sid/rev support in Snort signatures
 * Match on HTTP methods in HTTP requests
 * Bundle Snort rules with the default distribution
 * Updated RPM to be easier to configure
 * Actually implement the SIGHUP handler for log rotation
 * Calculate checksums on TCP segments

-- 
// Gianni Tedesco (gianni at ecsc dot co dot uk)
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
