[Snort-users] Re: [Snort-announce] Snort 2.0 rc1 available

From: Martin Roesch (roeschsourcefire.com)
Date: Tue Apr 01 2003 - 14:43:11 CST


This isn't implemented (or planned) at this time, if you get it working
let me know!

      -Marty

On Thursday, March 27, 2003, at 02:34 AM, Mahdi Kefayati wrote:

> In the Name of the Dearest
>
> Dear Martin,
>
> One of the things I have been looking for in snort is logging the URI
> which has caused a rule to be triggered. I'm aware of uricontent option
> but I want to log exactly the URI of a request, packet, etc. that has
> triggered for example a content checking rule. This along with some url
> filter or flexresp functionality will help me to do content filtering
> and also some statistical analysis on my users.
>
> If anybody has worked on this topic please email me asap and if it's
> not implemented yet, would you please include it in snort 2.0.
>
> Best Regards
>
> Mahdi Kefayati
>
>  Martin Roesch <roeschsourcefire.com> wrote:
>
> The Snort 2.0 release candidate 1 is available for your testing. We've
> been working on and tweaking Snort 2.0 for quite a while now and it's
> looking like it's ready to go. Please download it and check it out at
> the earliest opportunity. If you find any bugs, please read the
> doc/BUGS file before submitting a bug report, Snort works on too many
> platforms for us to guess at your configuration!
>
> This version features:
>
> * Higher performance (due to a new pattern matcher and rebuilt
> detection engine)
> * Better decoders
> * Enhanced stream reassembly and defragmentation
> * Tons of bug fixes
> * Updated rules
> * Updated snort.conf
> * New detection keywords (byte_test, byte_jump, distance, within) &
> stateful pattern matching
> * New HTTP flow analyzer
> * Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
> * Better self preservation in stateful subsystems
> * Xrefs fixed
> * Flexresp works faster and more effectively
> * Better chroot()'ing
> * Fixed 802.1q decoding
> * Better async state handling
> * New alerting option: -A cmg!!
>
> The source tarball is available at
> http://www.snort.org/dl/snort-2.0.0rc1.tar.gz. A win32 build will
> follow shortly!
>
> Brought to you by the character ':', the letters 'w' and 'q' and the
> number 0x41414141. Enjoy!
>
> -Marty
>
> --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
> Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
> roeschsourcefire.com - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
>
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roeschsourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
