
[ANN]: Firestorm 0.5.1 released



Hi,

It has been a while, but hell, I'm lazy. Firestorm 0.5.1 (aka.
Amphetamine Aardvark) has been released to satisfy your intrusion
detecting preversions.

For those not in the know, Firestorm is a very fast and efficient
network intrusion detection system. It is released under the GPL and is
targeted primarily at UNIX-like systems (e.g. Linux, *BSD, etc.).
Firestorm has good support for snort signatures, IP defragmentation, TCP
state tracking, and a bunch of other cool features.

PS. Is anyone actually interested in doing NIDS on IPX networks (or
in fact anything other than IP)? It looks trivial for me to add support
for IPX signatures that can be based on snort signature format...

You can download source-code and RPMs from the usual place:

 http://www.scaramanga.co.uk/firestorm/download.html

Below is a summary of changes between 0.4.6 and 0.5.1; use of the
intermediate 0.5.0 version is not recommended.

NEW FEATURES
------------
 o Support for rate-limiting alerts (per-alert, burstable)
 o Two new snort keywords, 'rate' and 'burst'
 o Built-in alerts are appropriately rate-limited
 o New (MUCH) faster and simpler packet classifier
 o Now differentiates 802.3 from Ethernet II
 o Support for LLC, SNAP and 802.3 IPX frames
 o tcpdump capdev module can handle byte-swapped files
 o If a packet matches two signatures an alert is generated on the most
   specific
 o RPC matcher finally implemented
 o Fully support alert priorities and classifications
 o tcpstream supports window scaling and PAWS
 o Session data saved in extended log files
 o Automatic log rotation (based on time and filesize)
 o Added 'firecat' tool for converting extended logs

BUGS FIXED
----------
 o Fix IP address matching on big-endian machines
 o Handle ip_proto and ttl correctly for less-than/greater-than
 o IP address lists work properly with negation
 o Fix silly bugs in ipfrag which crept in with 0.4.6
 o Fix content match for IP packets with no encapsulated headers
 o Fix some other minor bugs in content matching
 o Fixed improper state tracking of half-closed TCP connections
 o Fixed lots of potential decoding bugs all over the map
 o Fixed bugs in HTTP decode
 o Fixed log target to work for all IP packets

-- 
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
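The classifier changes listed above (telling 802.3 from Ethernet II, and recognising LLC, SNAP and raw 802.3 IPX frames), as an added example that is not Firestorm's own code: a small C frame classifier that dispatches on the type/length field and the LLC header, and treats an 802.3 length claim larger than the captured bytes as truncated rather than reading past the buffer. Frame layouts follow IEEE 802.3/802.2; the sample frames and their MAC addresses are constructed placeholders, and a one-byte (U-format) LLC control field is assumed.

```c
#include <stddef.h>
#include <stdint.h>
enum frame_kind {
    FRAME_TRUNCATED,     /* too short, or 802.3 length exceeds captured bytes */
    FRAME_ETHERNET_II,   /* type/len >= 0x0600: EtherType, payload at 14 */
    FRAME_8023_RAW_IPX,  /* length field then 0xFFFF: Novell "raw" 802.3 IPX */
    FRAME_8023_LLC,      /* length field then 802.2 LLC (DSAP/SSAP/ctrl) */
    FRAME_8023_LLC_IPX,  /* LLC with DSAP/SSAP 0xE0: IPX over 802.2 */
    FRAME_8023_SNAP      /* LLC AA/AA/03 + OUI + EtherType, payload at 22 */
};
struct frame_info {
    enum frame_kind kind;
    uint16_t ethertype;  /* set for ETHERNET_II and SNAP, else 0 */
    size_t payload_off;  /* where the encapsulated protocol starts */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Classify one captured frame; every offset is bounds-checked before it is read. */
struct frame_info classify_frame(const uint8_t *f, size_t len)
{
    struct frame_info fi = { FRAME_TRUNCATED, 0, 0 };
    if (len < 14) return fi;
    uint16_t tl = be16(f + 12);
    if (tl >= 0x0600) {  /* Ethernet II: the field is an EtherType */
        fi.kind = FRAME_ETHERNET_II; fi.ethertype = tl; fi.payload_off = 14; return fi;
    }
    /* 802.3: the field is a length and must fit in what was actually captured */
    if (tl > len - 14 || len < 17) return fi;
    if (f[14] == 0xFF && f[15] == 0xFF) {  /* raw IPX: IPX checksum 0xFFFF, no LLC */
        fi.kind = FRAME_8023_RAW_IPX; fi.payload_off = 14; return fi;
    }
    uint8_t dsap = f[14], ssap = f[15], ctrl = f[16];  /* 1-byte U-format control assumed */
    if (dsap == 0xAA && ssap == 0xAA && ctrl == 0x03) {
        if (len < 22) return fi;  /* need OUI(3) + EtherType(2) after LLC */
        fi.kind = FRAME_8023_SNAP; fi.ethertype = be16(f + 20); fi.payload_off = 22;
        return fi;
    }
    fi.kind = (dsap == 0xE0 && ssap == 0xE0) ? FRAME_8023_LLC_IPX : FRAME_8023_LLC;
    fi.payload_off = 17;
    return fi;
}
/* Constructed sample frames (not real captures); MAC addresses are placeholders. */
#define MACS 0,1,2,3,4,5, 6,7,8,9,10,11
const uint8_t SAMPLE_ETH2_IP[] = { MACS, 0x08,0x00, 0x45,0x00,0x00,0x14 };
const uint8_t SAMPLE_SNAP_IP[] = { MACS, 0x00,0x0C, 0xAA,0xAA,0x03, 0,0,0, 0x08,0x00, 0x45,0x00,0x00,0x14 };
const uint8_t SAMPLE_RAW_IPX[] = { MACS, 0x00,0x04, 0xFF,0xFF, 0x00,0x1E };
const uint8_t SAMPLE_LLC_IPX[] = { MACS, 0x00,0x03, 0xE0,0xE0,0x03 };
const uint8_t SAMPLE_BAD_LEN[] = { MACS, 0x05,0xDC, 0xE0,0xE0,0x03 };  /* claims 1500 bytes */
```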
