Snort mailing list archives
Re: [Emerging-Sigs] Suricata IDS Available for Download!
From: Matt Jonkman <jonkman () jonkmans com>
Date: Fri, 01 Jan 2010 11:44:36 -0500
We were slashdotted, which caused massive problems of course. Things are all back to normal. You can get code at:

http://openinfosecfoundation.org/index.php/download-suricata

Should remain stable. We're still on the front page at slashdot, but the load is manageable now thankfully.

Matt

On 12/31/09 7:49 PM, Jules Pagna Disso wrote:
Hi Matt,

The job done sounds great. It seems as if the download link is not active or broken?

Happy new year!

Jules

2009/12/31 Matt Jonkman <jonkman () jonkmans com>

Thanks Matt! That's great to hear from you! Look forward to your feedback.

Matt

On 12/31/09 3:42 PM, Matt Olney wrote:
> Congrats to Matt Jonkman and the team at OISF. It's a big step, and I
> look forward to seeing your work (after the new year :))
>
> Matt
>
> On Thu, Dec 31, 2009 at 3:11 PM, Matt Jonkman <jonkman () jonkmans com> wrote:
>
> Full Announcement here:
> http://www.openinfosecfoundation.org/
>
> It's been about three years in the making, but the day has finally come!
> We have the first release of the Suricata Engine! The engine is an Open
> Source Next Generation Intrusion Detection and Prevention Tool, not
> intended to just replace or emulate the existing tools in the industry,
> but to bring new ideas and technologies to the field.
>
> The Suricata Engine and the HTP Library are available to use under the
> GPLv2.
>
> The HTP Library is an HTTP normalizer and parser written by Ivan Ristic
> of Mod Security fame for the OISF. This integrates and provides very
> advanced processing of HTTP streams for Suricata. The HTP library is
> required by the engine, but may also be used independently in a range of
> applications and tools.
>
> This is considered a Beta Release as we are seeking feedback from the
> community. This release has many of the major new features we wanted to
> add to the industry, but certainly not all. We intend to get this base
> engine out and stable, and then continue to add new features. We expect
> several new releases in the month of January culminating in a production
> quality release shortly thereafter.
>
> The engine and the HTP Library are available here:
> http://www.openinfosecfoundation.org/index.php/download-suricata
>
> Please join the oisf-users mailing list to discuss and share feedback.
> The developers will be there ready to help you test.
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> As this is a first release we don't really have a "what's New" section
> because everything is new. But we do have a number of new ideas and new
> concepts to Intrusion Detection to note. Some of those are listed below:
>
> Multi-Threading
> Amazing that multi-threading is new to IDS, but it is, and we've got it!
>
> Automatic Protocol Detection
> The engine not only has keywords for IP, TCP, UDP and ICMP, but also has
> HTTP, TLS, FTP and SMB! A user can now write a rule to detect a match
> within an HTTP stream for example regardless of the port the stream
> occurs on. This is going to revolutionize malware detection and control.
> Detections for more layer 7 protocols are on the way.
>
> Gzip Decompression
> The HTP Parser will decode Gzip compressed streams, allowing much more
> detailed matching within the engine.
>
> Independent HTP Library
> The HTP Parser will be of great use to many other applications such as
> proxies, filters, etc. The parser is available as a library also under
> GPLv2 for easy integration into other tools.
>
> Standard Input Methods
> You can use NFQueue, IPFRing, and the standard LibPcap to capture
> traffic. IPFW support coming shortly.
>
> Unified2 Output
> You can use your standard output tools and methods with the new engine,
> 100% compatible!
>
> Flow Variables
> It's possible to capture information out of a stream and save that in a
> variable which can then be matched again later.
>
> Fast IP Matching
> The engine will automatically take rules that are IP matches only (such
> as the RBN and compromised IP lists at Emerging Threats) and put them
> into a special fast matching preprocessor.
>
> HTTP Log Module
> All HTTP requests can be automatically output into an apache-style log
> format file. Very useful for monitoring and logging activity completely
> independent of rulesets and matching. Should you need to do so you could
> use the engine only as an HTTP logging sniffer.
>
> Coming Very Soon: (Within a few weeks)
>
> Global Flow Variables
> The ability to store more information from a stream or match (actual
> data, not just setting a bit), and storing that information for a period
> of time. This will make comparing values across many streams and time
> possible.
>
> Graphics Card Acceleration
> Using CUDA and OpenCL we will be able to make use of the massive
> processing power of even old graphics cards to accelerate your IDS.
> Offloading the very computationally intensive functions of the sensor
> will greatly enhance performance.
>
> IP Reputation
> Hard to summarize in a sentence, but Reputation will allow sensors and
> organizations to share intelligence and eliminate many false positives.
>
> Windows Binaries
> As soon as we have a reasonably stable body of code.
>
> The list could go on and on. Please take a few minutes to download the
> engine and try it out and let us know what you think. We're not
> comfortable calling it production ready at the moment until we get your
> feedback, and we have a few features to complete. We really need your
> feedback and input. We intend to put out a series of small releases in
> the two to three weeks to come, and then a production ready major
> release shortly thereafter. Phase two of our development plan will then
> begin where we go after some major new features such as IP Reputation
> shortly.
>
> http://www.openinfosecfoundation.org
>
> ----------------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> http://www.openinformationsecurityfoundation.org
> ----------------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
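Two constructed rules illustrating the port-independent HTTP matching and the flow-variable behaviour the announcement lists, followed by an IP-only rule of the kind the fast IP matcher picks up. This is an added example, not part of the thread or of the Suricata project; it uses present-day Suricata rule syntax (assumed, not checked against the 2009 beta), and the URI, marker string, flowbit name, sids and the 192.0.2.0/24 range are constructed placeholders.

```suricata
# Constructed example. The "http" protocol in the rule header means the
# rule applies wherever the engine detects HTTP, not only on port 80.

# Stage one: a request for a placeholder URI sets a flowbit on the flow
# but does not raise an alert by itself (flowbits:noalert).
alert http any any -> any any (msg:"EXAMPLE stage one: placeholder URI requested"; flow:established,to_server; content:"/example-check.php"; http_uri; flowbits:set,example.stage1; flowbits:noalert; sid:9000001; rev:1;)

# Stage two: alert only when the server's response on the SAME flow carries
# a placeholder marker AND stage one already matched (flowbits:isset).
alert http any any -> any any (msg:"EXAMPLE stage two: marker in response after placeholder URI"; flow:established,to_client; flowbits:isset,example.stage1; content:"EXAMPLE-MARKER"; http_server_body; sid:9000002; rev:1;)

# IP-only rule: the only match condition is the address pair, so the engine
# handles it in the fast IP matcher. 192.0.2.0/24 is a documentation range
# standing in for a reputation list entry; it alerts once per flow direction.
alert ip 192.0.2.0/24 any -> $HOME_NET any (msg:"EXAMPLE IP-only match on documentation range"; sid:9000003; rev:1;)
```

Load the file with suricata's rule-files setting and confirm with a test run (suricata -T) that all three rules parse before deploying.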