IDS mailing list archives
[ANN]: Firestorm 0.5.5 a.k.a. "It's just a ride"
From: Gianni Tedesco <gianni () scaramanga co uk>
Date: Wed, 14 Jul 2004 14:15:10 +0100
Hi,

After an extended development period, Firestorm 0.5.5 has been released. You can pick up source code and RPMs from:

http://www.scaramanga.co.uk/firestorm/download.html

In this version there have been significant performance increases in the signature matching department. A new n-ary tree approach replaces the old btree system; this has a number of advantages including more flexibility and lowered stack recursion. It seems to have produced a 25% boost in overall sensor performance.

More work is being done in this area including plans to move to an Interval Decision Diagram (IDD) type lookup which is expected to produce a 5-10% improvement again. You should check out Mikkel Christiansen and Emmanuel Fleury's paper on the topic, 'An Interval Decision Diagram Based Firewall', if interested.

An HTTP normalization plugin was added and TCP stream reassembly accuracy was improved. Also the console has received a few interface improvements including moving to the new GtkFileChooser API and implementing basic UI for the index-optimised filtering features of ELOG.

But most importantly, a number of bugs have been fixed and limitations removed:

o Large file support added.
o Removed a lot of redundant API cruft and cleaned out a substantial number of plugins.
o Write index files safely.
o Properly strip escapes in snort messages.
o Enforce log timeout periods even if no packets have been sent using an interval timer.
o Fix some signal handling bugs.
o Fixed a TCP state serialization/deserialization bug.
o Lots of minor bug fixes, such as signed comparisons
o Fixed a niggling memory leakage-to-file bug in elog output
o Allow string fields to be queried on elog databases
o Fix depth/nocase/offset if they don't occur right after 'content'
o Elog indexes are automatically created when elogs are opened in the console.
o Allow firestorm to run with soft realtime scheduling priority
o Dynamically expand initial log buffer
o Allow specifying UID/GID by name in firestorm.conf
o NULL/LOOPBACK now supported (for BSD virtual interfaces)
o Fix endian problems with Linux SLL and NULL/LOOPBACK protocol
o Help messages in firecat now display plugins and arguments
o Fix bugs where capdevs were setting wrong packet flags
o Use RTLD_LAZY if RTLD_NOW not supported
o gcc2 bug workarounds
o removed limits on log message sizes

--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
Attachment:
signature.asc
Description: This is a digitally signed message part