Snort for Windows Publisher's description
from Sourcefire, Inc
Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and approximately 300,000 registered users, Snort has become the de facto standard for IPS.
- Protocol analysis and content searching/matching
- Uses a flexible rules language to describe traffic that it should collect or pass
- Detection engine that utilizes a modular plug-in architecture
- Real-time alerting capability
- Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more
What's New in This Release:
New additions:
- Add support for file-specific processing within the DCERPC preprocessor for files being transferred over SMB.
- File capture and storage -- saves files as they traverse the network via a new preprocessor that ties in support within HTTP, FTP, SMTP, POP, IMAP, and SMB. See README.file and README.file_server (under tools/file_server) for details.
- Add = operators to byte_test rule option.
- Update SMTP to detect Cyrus SASL authentication attack.
- Add capability to capture a single session from start to end.
- EXPERIMENTAL: Add support to leverage file type identification in Snort rules. See README.file_ips for details.
- Only inject active responses when a TCP session is established.
- Update the POP and IMAP protocols to support simple PAF for improved identification and capture of files.
- Update SMTP, POP, and IMAP to improve inspection when MIME boundaries are split across packets.
- Fix incorrect end-of-line handling for Quoted Printable email attachments.
- Handle out-of-order SSL handshake in SMTP when STARTTLS is used, and fix checks for SSL type only within the SSL handshake.
- Update sensitive data preprocessor to handle a stateful search of patterns across multiple packets.
- Address a few issues in the Snort manual and other READMEs for flowbits and tunneling.
- Save off packet data for quicker debugging in case of a SIGABRT or SIGBUS.
System Requirements: WinPcap 4.1.1
Program Release Status: Major Update
Program Install Support: Install and Uninstall