Snort mailing list archives
Spade 021012.1 available
From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 12 Oct 2002 15:54:51 -0700
Greetings all,Silicon Defense is pleased to announce the availability of Spade version 021012.1. Spade is Silicon Defense's statical anomaly detection preprocessor add-on to Snort. That is, it enables Snort to find packets that are unusual relative to other packets on your network. This means that they may be suspicious, e.g., they are part of a portscan. Best of all, its pretty fast and all you need to tell it about your network is what your networks IP ranges are.
Version 021012.1 contains some relatively minor enhancements and bug-fixes to the major enhanced version from 4 days ago. It is a recommended update for current Spade users and should be a good starting point for new Spade users.
Here is the change list: + ICMP unreachable messages now processed + UDP with closed-dport and odd-dport with response waiting now requires an unreachable for a report + dead-dest with response waiting uses it as a host-alive indication + Fixed oversight whereby Spade's log wasn't always produced + Spade's log now includes enhanced information on what each detector did, which can guide detector tuning for reports and CPU use + Fixed problem with installation Makefile + Spade now makes sure each detector has a unique id specified (previously a seg-fault eventually occurred) + Spade's README and Usage files now installed in snort's 'doc' directory + spade.conf now added to snort.conf when installing + Responses can now match several reports on the waiting queue + Added some more defensive code You can always get more info about Spade and download the latest version from: http://www.silicondefense.com/software/spice/ It should also be becoming available from Snortenstein. Enjoy, Jim -- |* Jim Hoagland, Associate Researcher, Silicon Defense *| |* --- Silicon Defense: IDS Solutions --- *| |* hoagland () SiliconDefense com, http://www.silicondefense.com/ *| |* Voice: (530) 756-7317 Fax: (530) 756-7297 *| ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spade 021012.1 available James Hoagland (Oct 12)