Hi,

After an extended development period, Firestorm 0.5.5 has been released. You can pick up source code and RPMs from:

http://www.scaramanga.co.uk/firestorm/download.html

In this version there have been significant performance increases in the signature matching department. A new n-ary tree approach replaces the old btree system; this has a number of advantages, including more flexibility and lowered stack recursion. It seems to have produced a 25% boost in overall sensor performance. More work is being done in this area, including plans to move to an Interval Decision Diagram (IDD) type lookup, which is expected to produce a further 5-10% improvement. You should check out Mikkel Christiansen and Emmanuel Fleury's paper on the topic, 'An Interval Decision Diagram Based Firewall', if interested.

The GNOME-based console has received a few interface improvements, including moving to the new GtkFileChooser API and implementing a basic UI for the index-optimised filtering features of ELOG.

But most importantly, a number of bugs have been fixed and limitations removed:

 o Large file support added.
 o Removed a lot of redundant API cruft and cleaned out a substantial number of plugins.
 o Write index files safely.
 o Properly strip escapes in Snort messages.
 o Enforce log timeout periods even if no packets have been sent, using an interval timer.
 o Fix some signal handling bugs.
 o Fixed a TCP state serialization/deserialization bug.
 o Lots of minor bug fixes, such as signed comparisons.
 o Fixed a niggling memory leakage-to-file bug in elog output.
 o Allow string fields to be queried on elog databases.
 o Fix depth/nocase/offset if they don't occur right after 'content'.
 o Elog indexes are automatically created when elogs are opened in the console.
 o Allow firestorm to run with soft realtime scheduling priority.
 o Dynamically expand initial log buffer.
 o Allow specifying UID/GID by name in firestorm.conf.
 o NULL/LOOPBACK now supported (for BSD virtual interfaces).
 o Fix endian problems with Linux SLL and NULL/LOOPBACK protocol.
 o Help messages in firecat now display plugins and arguments.
 o Fix bugs where capdevs were setting wrong packet flags.
 o Use RTLD_LAZY if RTLD_NOW not supported.
 o gcc2 bug workarounds.
 o Removed limits on log message sizes.

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D