View Single Post
  #1   (View Single Post)  
Old 30th August 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Snort 2.9.1 improves protocol handling

From http://h-online.com/-1332549

Quote:
The Snort network intrusion detection system has been updated with HTTP and DCE/RPC protocol aware flushing and improved SIP, POP and IMAP3 preprocessors. Updates to the HTTP and DCE/RPC preprocessors now allow Snort to reassemble requests and responses, even when spread over many packets, and to intelligently flush the results. Snort performs realtime analysis on IP network traffic to detect attempts to probe or attack the network by using a user-defined ruleset which characterises those attacks.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote