
Free-software intrusion detection project Snort stops development ???

ref: http://opensource.solidot.org/article.pl?sid=10/07/22/068207&from=rss

Free-software intrusion detection project Snort stops development
Posted by matrix on Thursday, July 22, 2010, 14:12
From the fork-fork-fork-fork-fork department
Shawn the R0ck writes:
"The 12-year-old free, open-source intrusion detection project Snort has stopped development. OISF (Open Information Security Foundation), a non-profit organization set up by the US Department of Homeland Security, considers Snort to have entered "old age", and they will begin developing a new generation of IDS/IPS (intrusion detection/prevention system). But Snort's creator Martin Roesch denied this claim; he said that Suricata 1.0, the first open-source IDS/IPS project that OISF released this week, is simply doing the work Snort already did, which is to say it is wasting taxpayers' money. OISF was founded less than 2 years ago and, according to its president Matt Jonkman, it received $1 million in funding from the Department of Homeland Security's cybersecurity research program. Matt said OISF's goal is to develop a replacement for Snort, and that Snort 3.0, the plan for the next generation of Snort, has been delayed.
 btw: Snort is still very powerful, and many integrated security platforms today use Snort to some degree, but failing to comply with the GPL is also common, which shows the vendors' unethical behavior."
Tags: snort ids

Sourcefire acquires ClamAV

ref: http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1041607&highlight=
ref: http://www.clamav.net/2007/08/17/sourcefire-acquires-clamav/

On August 17, 2007, both Sourcefire and ClamAV announced that Sourcefire had acquired ClamAV.
I wonder whether this will make things more powerful; what I mean is Snort + Inline + ClamAV.
Tags: snort

snort_inline-2.6.1.5 released

It was only officially released today, 2007/06/07.
http://snort-inline.sourceforge.net/download.html
Source code                          MD5

snort_inline-2.6.1.5       69a70a1f5652d7163375147a82b15144

As before, see http://www.inliniac.net/blog/?p=74 for the differences between snort in inline mode and snort-inline.

Quote:

List,

I know it has been a long time since we have had a non-beta release,
but what can I say? Victor and I have both been busy in our personal
and professional lives. If you have been running the version of code
in SVN, there are no major updates with this release other than a
memleak fix for stream4inline. I don't think this gets said often
enough, so I would like to thank Sourcefire for all the hard work they
put into snort and the snort rule sets for which I and the rest of the

[Read more]

Tags: snort

Snort v2.6.1.5 has been released

The following is for SVN.

Snort Releases wrote:

> Hi everybody,
>
> Snort v2.6.1.5 has been released. The software and source code is
> available at: http://snort.org/dl/
>
> Snort v2.6.1.5 includes:
>
> * A new http_post rule keyword used to search for content in normalized
> HTTP posts
> * A fix for a potential memory leak when generating HTTP Inspection events
>
> NOTE: In the default configuration, the http_inspect preprocessor will
> generate informational events on normalized HTTP POST data. To disable
> these events, refer to the Snort Manual.
>
> Happy Snorting!
>
> The Snort Release Team
> Sourcefire, Inc.
Victor also described the differences between Snort and Snort-Inline:
Thanks to the SourceFire team for this release!

I have just updated the Snort_inline SVN tree to 2.6.1.5 as well. For an
overview of the differences between Snort and Snort_inline, please see
my blogpost on the subject: http://www.inliniac.net/blog/?p=74

Regards,
Victor
Snort_inline updated to 2.6.1.5 in SVN
Tags: snort

ips.sh

#!/bin/bash
# 2007/03/28 authored by cross@ssorc.tw
#
# Purpose: make it easy to switch between QUEUE/ACCEPT, or to start/stop snort-inline.
#
# ChangeLog:
#       2007/05/22 added start to the function that checks whether snort-inline is live or not.
#       2007/05/16 added a function for the check.
#       2007/03/29 fixed functions.
#                  added the interface() function for getting which interface device is used.
# Plan:
#       200x/xx/xx plan to add a way to check the snort-inline version.
#       200x/xx/xx plan to add a function so that, when accept() is used, it
#                       changes "INPUT -p tcp --dport 80 -j ACCEPT"
#                       to      "INPUT -p tcp --dport 80 --syn -m state --state NEW -j ACCEPT". ???
#set -x

[Read more]

Snort-Inline update

The official site has been updated to snort_Inline-2.6.1.2-BETA1 (2007-01-22 19:17)
http://nchc.dl.sourceforge.net/sourceforge/snort-inline/snort_inline-2.6.1.2-BETA1.tar.gz

Q: Not Using PCAP_FRAMES

A: export PCAP_FRAMES=max

ref: http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/rc1/node27.html

Tags: snort

snort-inline 2005/12/09 notes

The official site has released snort_inline-2.4.3RC2.diff, which is applied as a patch to snort-2.4.3.tar.gz and then compiled.

Quote:

Hi everyone!

Today is the day Will is getting married to his bride Lindsay. That's
why today's release is dubbed "The Wedding Release". Before I tell you
guys about the release I want to wish William and Lindsay all the best
together! Congratulations and have fun on your honeymoon!

[Read more]

Tags: snort