snort - An open source Network Intrusion Detection System (NIDS)

License: GPL
Snort is an open source network intrusion detection system, capable of
performing real-time traffic analysis and packet logging on IP networks.
It can perform protocol analysis, content searching/matching and can be
used to detect a variety of attacks and probes, such as buffer overflows,
stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts,
and much more.

Snort has three primary uses. It can be used as a straight packet sniffer
like tcpdump(1), a packet logger (useful for network traffic debugging,
etc), or as a full blown network intrusion detection system.

You MUST edit /etc/snort/snort.conf to configure snort before it will work!

Please see the documentation in /usr/share/doc/snort-2.9.12 for more
information on snort features and configuration.


snort-2.9.12-1.fc27.x86_64 [6.7 MiB] Changelog by Lawrence R. Rogers (2018-10-11):
- Release 2.9.12-1
	New Additions
		Parsing HTTP CONNECT to extract the tunnel IP and port information.
		Alerting and dechunking for chunked encoding in HTTP1.0 request and response.
		Fixed an issue where, if we have a junk line before HTTP response header, the header was wrongly parsed.
		Fixed GZIP evasions where an HTTP response with content-encoding:gzip contains a body that has a GZIP-related anomaly.
		Fixed an issue in certain scenarios where a BitTorrent pattern is seen only on the third packet of the session, causing us to miss our client detection.
		SMB improvements for file detection and processing.
snort- [4.5 MiB] Changelog by Lawrence R. Rogers (2017-12-06):
- Release
	New Additions
		* Added support to block portscan. In addition to tracking the scanning packets, action(drop/sdrop/reject) will be taken for all the packets,
		  which means Snort will block the packet and generate logs.
		* Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted.

		* Fixed issue to detect RTP up to two SSRC switches in each traffic direction.
		* Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive
		  copy of segment data by not splitting them when flushing headers.
		* Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source ip protocol scan.
		* Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets.
		* Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup.
		* Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels.
		* Fixed issue of applying new configuration in file inspection after Snort reload.

Listing created by Repoview-0.6.6-1.el6