网络入侵检测 Suricata 1.1 正式版发布

fmms 11年前
     <p>Suricata 是一个网络入侵检测和阻止引擎,由开放信息安全基金会以及它说支持的提供商说开发。该引擎是多线程的,内置 IPv6 的支持,可加载预设规则,支持 Barnyard 和 Barnyard2 工具。</p>    <p>Suricata 1.1 版主要改变如下:</p>    <p>Notable Improvements</p>    <p>    * performance improvements<br />     *   – new default pattern matcher<br />     *   – multi pattern matcher inspection of HTTP buffers<br />     *   – improved running modes<br />     * accuracy was greatly improved<br />     * improved logging<br />     *   – extended HTTP logging<br />     *   – support of stream event logging<br />     * IPS improvements<br />     *   – inline mode for stream engine<br />     *   – new keyword and running options for Netfilter based IPS<br />     * removal of the unified1 output plugins (#353)</p>    <p>New features</p>    <p>    * new keywords ssl_state, ssl_version (#258, #262).<br />     * support for http_raw_header, http_stat_msg, http_stat_code and http_raw_uri keywords (#259, #260).<br />     * new keyword support: nfq_set_mark<br />     * support for suppress keyword was added (#274)<br />     * byte_extract keyword support was added<br />     * new default pattern matcher, Aho-Corasick based, that uses much less memory and performs better<br />     * fast_pattern & multi pattern matching support for HTTP buffers<br />     * extended HTTP request logging for use with (among other things) http_agent for Sguil (#38)<br />     * new counters in stats.log for flow and stream engines (#348)<br />     * AF_PACKET support for high speed packet capture<br />     * advanced and fine tuning of CPU affinity setting for enhanced multicore performances<br />     * “replace” keyword support for IPS mode (#303)<br />     * new “workers” runmode for multi-dev and/or clustered PF_RING, AF_PACKET, pcap<br />     * added “stream-event” keyword to match on TCP session anomalies<br />     * Inline mode for the stream engine (#230, #248)<br />     * Included an example decoder-events.rules file<br />     * pcap logging / recording output was added<br />     * basic SCTP protocol parsing was added<br />     * reference.config support as supplied by ET/ETpro and VRT<br />     * smtp protocol parser and protocol detection was added<br />     * better handling of detection for timed out TCP sessions<br />     * improved protocol detection accuracy with additional support for port based detection</p>    <p>Fixes since 1.1rc1</p>    <p>    * CUDA build fixed<br />     * minor pcap, AF_PACKET and PF_RING fixes (#368)<br />     * bpf handling fix<br />     * Windows CYGWIN build<br />     * more cleanups<br /> <br /> 项目地址:<a href="/misc/goto?guid=4958195937250259370" target="_blank">http://www.openinfosecfoundation.org/</a></p>