IDS: [ANN]: Firestorm 0.5.1 released

From: Gianni Tedesco <gianni_at_ecsc.co.uk>
Date: 03 Dec 2002 12:40:48 +0000

Hi,

It has been a while, but hell, I'm lazy. Firestorm 0.5.1 (aka
Amphetamine Aardvark) has been released to satisfy your intrusion
detecting perversions.

For those not in the know, Firestorm is a very fast and efficient
network intrusion detection system. It is released under the GPL and is
targeted primarily at UNIX-like systems (e.g. Linux, *bsd, etc.).
Firestorm has good support for snort signatures, IP defragmentation, TCP
state tracking, and a bunch of other cool features.

PS. Is anyone actually interested in doing NIDS on IPX networks (or
in fact anything other than IP)? It looks trivial for me to add support
for IPX signatures that can be based on the snort signature format...

You can download source-code and RPMs from the usual place:

 http://www.scaramanga.co.uk/firestorm/download.html

Below is a summary of changes between 0.4.6 and 0.5.1; use of the
intermediate 0.5.0 version is not recommended.

NEW FEATURES
------------
 o Support for rate limiting alerts (per-alert, burstable)
 o 2 new snort keywords 'rate' and 'burst'
 o Built-in alerts are appropriately rate limited
 o New (MUCH) faster and simpler packet classifier
 o Now differentiates 802.3 from Ethernet II
 o Support for LLC, SNAP and 802.3 IPX frames
 o tcpdump capdev module can handle byte-swapped files
 o If a packet matches two signatures an alert is generated on the most
   specific
 o RPC matcher finally implemented
 o Fully support alert priorities and classifications
 o tcpstream supports window scaling and PAWS
 o Session data saved in extended log files
 o Automatic log rotation (based on time and filesize)
 o Added 'firecat' tool for converting extended logs

BUGS FIXED
----------
 o Fix IP address matching on big-endian machines
 o Handle ip_proto and ttl correctly for less-than/greater-than
 o IP address lists work properly with negation
 o Fix silly bugs in ipfrag which crept in with 0.4.6
 o Fix content match for IP packets with no encapsulated headers
 o Fix some other minor bugs in content matching
 o Fixed improper state tracking of half closed TCP connections
 o Fixed lots of potential decoding bugs all over the map
 o Fixed bugs in HTTP decode
 o Fixed log target to work for all IP packets

-- 
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Received on Dec 04 2002
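The announcement lists per-alert, burstable rate limiting of alerts driven by 'rate' and 'burst' signature keywords. The script below is an added example, not Firestorm's own code, showing the usual way such a limiter is built: one token bucket per signature id, holding at most `burst` tokens and refilling at `rate` tokens per second, so a signature that fires in a flood emits only its first `burst` alerts and then one alert per refill interval, while other signatures keep their own independent budget. The bucket semantics, the signature ids and the event timeline are all constructed for the example; Firestorm's actual keyword semantics may differ. Counting the suppressed alerts per signature is the detail a defender wants, because a flood of one rule is itself a signal worth reporting.

```python
from collections import defaultdict


class AlertRateLimiter:
    """Per-signature token bucket (assumed semantics, not Firestorm's code).

    rate:  tokens (alerts) refilled per second for each signature
    burst: maximum tokens a signature can hold, i.e. alerts allowed back to back
    """

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self._buckets = {}                  # sid -> (tokens, last_update_ts)
        self.suppressed = defaultdict(int)  # sid -> alerts dropped so far

    def allow(self, sid, now):
        """Return True if an alert for signature `sid` may be emitted at time `now`."""
        tokens, last = self._buckets.get(sid, (self.burst, now))
        # Refill proportionally to elapsed time, never above the burst ceiling.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[sid] = (tokens - 1.0, now)
            return True
        self._buckets[sid] = (tokens, now)
        self.suppressed[sid] += 1
        return False


def simulate(events, rate, burst):
    """Run a timestamped (t, sid) event list through the limiter.

    Returns (emitted_events, suppressed_counts) where emitted_events are the
    (t, sid) pairs that would have produced an alert.
    """
    limiter = AlertRateLimiter(rate, burst)
    emitted = [(t, sid) for t, sid in sorted(events) if limiter.allow(sid, t)]
    return emitted, dict(limiter.suppressed)


# Constructed timeline: signature "SIG-A" floods ten times within one second,
# goes quiet, then fires four more times around t=5s; "SIG-B" fires once.
SAMPLE_EVENTS = (
    [(round(0.1 * i, 1), "SIG-A") for i in range(10)]
    + [(5.0, "SIG-A"), (5.1, "SIG-A"), (5.2, "SIG-A"), (5.3, "SIG-A")]
    + [(0.5, "SIG-B")]
)


def run_sample():
    """Apply rate=1 alert/s, burst=3 to the constructed timeline."""
    return simulate(SAMPLE_EVENTS, rate=1, burst=3)


if __name__ == "__main__":
    emitted, suppressed = run_sample()
    for t, sid in emitted:
        print(f"t={t:4.1f}s  alert {sid}")
    for sid, n in suppressed.items():
        print(f"{sid}: {n} alerts suppressed by rate limit")
```

With rate=1 and burst=3, "SIG-A" gets its first three alerts through, the remaining seven in the initial flood are counted as suppressed, and by t=5s the bucket has refilled to the burst ceiling, so three more are emitted and one is dropped; "SIG-B" is unaffected because its bucket is separate.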