網絡入侵檢測 Suricata 1.1 正式版發布

fmms 13年前發布 | 7K 次閱讀 安全工具

Suricata 是一個網絡入侵檢測和阻止引擎,由開放信息安全基金會以及它說支持的提供商說開發。該引擎是多線程的,內置 IPv6 的支持,可加載預設規則,支持 Barnyard 和 Barnyard2 工具。

Suricata 1.1 版主要改變如下:

Notable Improvements

    * performance improvements
    *   – new default pattern matcher
    *   – multi pattern matcher inspection of HTTP buffers
    *   – improved running modes
    * accuracy was greatly improved
    * improved logging
    *   – extended HTTP logging
    *   – support of stream event logging
    * IPS improvements
    *   – inline mode for stream engine
    *   – new keyword and running options for Netfilter based IPS
    * removal of the unified1 output plugins (#353)

New features

    * new keywords ssl_state, ssl_version (#258, #262).
    * support for http_raw_header, http_stat_msg, http_stat_code and http_raw_uri keywords (#259, #260).
    * new keyword support: nfq_set_mark
    * support for suppress keyword was added (#274)
    * byte_extract keyword support was added
    * new default pattern matcher, Aho-Corasick based, that uses much less memory and performs better
    * fast_pattern & multi pattern matching support for HTTP buffers
    * extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)
    * new counters in stats.log for flow and stream engines (#348)
    * AF_PACKET support for high speed packet capture
    * advanced and fine tuning of CPU affinity setting for enhanced multicore performances
    * “replace” keyword support for IPS mode (#303)
    * new “workers” runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap
    * added “stream-event” keyword to match on TCP session anomalies
    * Inline mode for the stream engine (#230, #248)
    * Included an example decoder-events.rules file
    * pcap logging / recording output was added
    * basic SCTP protocol parsing was added
    * reference.config support as supplied by ET/ETpro and VRT
    * smtp protocol parser and protocol detection was added
    * better handling of detection for timed out TCP sessions
    * improved protocol detection accuracy with additional support for port based detection

Fixes since 1.1rc1

    * CUDA build fixed
    * minor pcap, AF_PACKET and PF_RING fixes (#368)
    * bpf handling fix
    * Windows CYGWIN build
    * more cleanups

項目地址:http://www.openinfosecfoundation.org/

 本文由用戶 fmms 自行上傳分享,僅供網友學習交流。所有權歸原作者,若您的權利被侵害,請聯系管理員。
 轉載本站原創文章,請注明出處,并保留原始鏈接、圖片水印。
 本站是一個以用戶分享為主的開源技術平臺,歡迎各類分享!
  本文地址:http://www.baiduhome.net/news/view/ad3c6