Snort mailing list archives

Spade 021012.1 available


From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 12 Oct 2002 15:54:51 -0700


Greetings all,

Silicon Defense is pleased to announce the availability of Spade version 021012.1. Spade is Silicon Defense's statistical anomaly detection preprocessor add-on to Snort. That is, it enables Snort to find packets that are unusual relative to other packets on your network. This means that they may be suspicious, e.g., they are part of a portscan. Best of all, it's pretty fast and all you need to tell it about your network is what your network's IP ranges are.

Version 021012.1 contains some relatively minor enhancements and bug-fixes to the major enhanced version from 4 days ago. It is a recommended update for current Spade users and should be a good starting point for new Spade users.

Here is the change list:

+ ICMP unreachable messages now processed
  + UDP with closed-dport and odd-dport with response waiting now requires
        an unreachable for a report
  + dead-dest with response waiting uses it as a host-alive indication
+ Fixed oversight whereby Spade's log wasn't always produced
+ Spade's log now includes enhanced information on what each detector did,
        which can guide detector tuning for reports and CPU use
+ Fixed problem with installation Makefile
+ Spade now makes sure each detector has a unique id specified (previously a
        seg-fault eventually occurred)
+ Spade's README and Usage files now installed in snort's 'doc' directory
+ spade.conf now added to snort.conf when installing
+ Responses can now match several reports on the waiting queue
+ Added some more defensive code

You can always get more info about Spade and download the latest version from:

  http://www.silicondefense.com/software/spice/

It should also be becoming available from Snortenstein.

Enjoy,

  Jim

--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

