snort-openappid - An open source Network Intrusion Detection System (NIDS) with open AppId support
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection system. You MUST edit /etc/snort/snort.conf to configure snort before it will work! Please see the documentation in /usr/share/doc/snort-2.9.19 for more information on snort features and configuration.
|snort-openappid-2.9.19-1.amzn2.src [6.9 MiB]||
by Lawrence R. Rogers (2021-12-01):
- Release 22.214.171.124-1 https://blog.snort.org/2021/12/open-source-version-of-snort-29190.html * src/snort.c : Fixed an issue where verdict will be applied onto next session when timeout occurs in some scenarios. * rc/file-process/file_service.c : Removed an excessively flooding log. * src/dynamic-preprocessors/modbus/modbus_decode.c : Fixed possible integer overflow. * src/fpcreate.c : Added fix to GCC compiled snort to use AC-BNFA-Q search-method when Intel-cpm is enabled. * src/generators.h src/preprocessors/Stream6/snort_stream_tcp.c : Added fix to not to drop packets when window size is 0 by TCP normalizer and Added new alert with GID 129 and SID 21 when such packets are seen. * src/dynamic-preprocessors/appid/detector_plugins/detector_imap.c src/dynamic-preprocessors/appid/detector_plugins/detector_pop3.c : Added support for Appid to detect login success and failure for IMAP and POP3 protocols. * src/dynamic-preprocessors/reputation/reputation_config.c src/dynamic-preprocessors/reputation/spp_reputation.c src/dynamic-preprocessors/reputation/spp_reputation.h src/pkt_tracer.c src/snort.c src/util.c : Fixed terminology to be bias-free in log/error messages. * src/snort.c : Fixed a potential race condition.