Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Spade version 021026.1 released!

From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 26 Oct 2002 16:16:36 -0700

Greetings,
Silicon Defense is please to announce the availability of Spade version 021026.1, the latest version of its statistical anomaly detector for Snort. This is what has changed: 

+ ICMP traffic now analyzed for anomalies
  + dead-dest detector type now looks for ICMP traffic to unused IP
    addresses
  + new odd-typecode detector type looks for ICMP packets with rare type
    and code fields
+ new odd-port-dest detector type looks for sources connecting to an
    unusual destination for a destination port (among destination ports
    that are observed to have a predictable set of destinations)
+ you can now exclude certain reports on a Spade-wide basis in addition to
    on a detector-specific basis (add Xdips, Xdports, Xsips, and/or
    Xsports on the main Spade configuration line)
+ dead-dest will no longer report on broadcast IPs
+ sped Spade up a little through some optimizations
+ spade.conf updated for new detection capabilities
+ Spade log file configured in the distributed spade.conf is now called
    spade.log (instead of log.txt) for clarity
As you can see, there's a few new detection capabilities in this version. You can download it and learn more at: 

  http://www.silicondefense.com/software/spice/

Enjoy and happy Spading,

  Jim
--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|


-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in
Las Vegas (supported by COMDEX), the only Apache event to be
fully supported by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: