Snort 3.3.4.0

Snort is the foremost open source Intrusion Prevention System (IPS) in the world. Snort IPS uses a set of rules that define malicious network activity, matches packets against those rules, and generates alerts for users. Snort can also be deployed inline to drop the matching packets. Snort has three primary uses: as a packet sniffer like tcpdump, as a packet logger (useful for network traffic debugging), or as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike.

Tags: ids, logger, traffic, ips, network, security, analysis, tcp, udp, cpp, c
License: GNU GPLv3
State: initial

Recent Releases

3.3.4.0 (12 Nov 2024 05:05) major bugfix: Appid: notify binder on service change. Appid: replaced hsessions vector of raw pointers with a vector of smart pointers. Ftp_telnet: refactoring ftp-data. Latency, dce, stream_ip: max pegs incorrectly declared as sum. Telnet: avoid flush when cr or lf is between commands.
3.3.3.0 (16 Oct 2024 16:45) major feature: Control: code cleanup. Control: handle control commands after packet threads are fully initialised. Daq: add outstanding packets counter. Extractor: add flow hash key. File_api: max depth is set as part of initial config. File: remove unused variable in FileFlows destructor. Filters: update dev_notes.txt with details for event_filter. Flow: optimize timeout handling for different packet types. Http_inspect: add peg counts for gzip, known-not-supported, and unknown. Http_inspect: log normalized URI in extra data. Ips_options: separate main thread pcre counts from packet thread stats. Memory: account memory for profiler only when a packet thread is involved. Src: resolve various warnings. Stream_tcp: make sure ports are correctly swapped when filling a meta-ACK packet.
3.3.2.0 (28 Aug 2024 13:25) major bugfix: Appid: fixing cpp warnings and cosmetic changes for appid cpu profiler. Appid: removing trailing whitespace. Daq: added outstanding packets counter. Doc: builtin rule documentation updates. Flow: added compile-time option to disable tenant_id. Flow: clear deferred trust after the flow is trusted to stop repeated trusting. Js_norm: address pdf tokenizer. Kaizen: verbose mode output for unlimited options. Main: coverage. Sip: fallback functionality for sip inspector. Stream: refactor paf logic into a C++ class. Stream_tcp: delete lws_init, it was redundant with tcp_init; delete ITs that are no longer relevant. Stream_tcp: improve variable and function names for overlap processing. Stream_tcp: integrate and streamline setting of flush policy and splitter. Stream_tcp: merge TcpStreamSession into TcpSession. Stream_tcp: refactor segment nodes to implement a reassembly cursor and eliminate tracking variables. Stream_tcp: refactor TcpReassembler into a virtual base class and subclasses for each mode: ignore, IPS and IDS. Stream_tcp: refactor to move alert functions to their own class. Stream_tcp: refactor to move tcp overlap processing out of the reassembly class.
3.3.1.0 (24 Jul 2024 02:45) major feature: Appid: restructure the appid code to make it easier to follow and maintain. Appid: updating appid cpu profiler cli. Dce_rpc: correct the session counters after the upgrade to smb v2 from v1. Detection: include OPT_TREE traces in release build. Detection: make print of fast pattern a trace module. Extractor: support trans_depth, origin and referrer fields. File: fixing file context reuse. Flow: clear flow stash when freeing the flow data. Flow: handle significant groups with unknown group value as non-group flow keys. Http_inspect: add origin header. Parser: do not skip symbols while expanding variables. Perf_monitor: introducing new parameters for ip flow profiling. Stream_tcp: move prev_norm object from TcpNormalizer to TcpNormalizerState. Stream_tcp: set daq_msg field in meta-ack pseudo-packet header to the value from the wire packet. Stream_tcp: support tracing without compilation flags. Wizard: expand MMS curse.
3.3.0.0 (11 Jul 2024 07:45) major feature: Appid: display rows limit of table and totals. Appid: using a different api for picking appids for appid cpu profiler. Build: bump version to 3.2.0. Codecs: add handling of NDP types. Dns: set Flow timeout after getting DNS response. Extractor: add protocol logging for HTTP. Framework: add new Cursor Action Type. Http_inspect: set CAT_SET_SUB_SECTION for buffer with a sub-selector configured. Js_norm: prerequisites for FlexLexer includes. Main: add CLI command to show snort cpu percentage. Stream_tcp: use default size atomsplitter on fallback. Utils: remove duplication of definition. Thanks to xxxx81 for reporting the.
3.2.2.0 (07 Jun 2024 16:05) major feature: Appid: appid cpu profiler max columns. Appid: re-enabling appid cpu profiler, making it thread safe. Appid: store and retrieve only SNI in AppIdSession. Appid: updating file_magic.rules with some new file types added to the VDB. Dce_smb: do not prune from LRU cache during file tracker update. Doc: formatting in dev_notes.txt. Flow: add the newly-created flow to p->flow to avoid segv. Js_norm: stop PDF processing on syntax error. Main: apply loaded configuration only once. Packet_capture: make sure packet_capture is executed before detection. Service_inspectors: get_buf handling. Sip: flow clean-up based on lina configured timeout. Src: remove repetitive words. Thanks @gopherorg for finding those typos. Src: update to resolve new. Stream_tcp: don't attempt to verify or process keep-alive probes with data. Stream_tcp: infinite recursion cases. Thanks to scloder-ut-iso for helping with deinformation that uncovered a case of infinite recursion. Utils: add explicit include.
3.2.1.0 (22 May 2024 13:25) major bugfix: Framework: supply directories to system headers to plug_gen.sh. Main: updates for types used by Alpine. Memory: unit test.
3.1.84.0 (12 Apr 2024 08:25) major bugfix: Appid: enhanced appid config parsing. Appid: remove locks from peg counts. Appid: separate main thread and packet thread appid_pub_id. Dce_smb: fixing an ASAN memory corruption detection: handle policy changes in continuation. Framework: add correct cast from double to unsigned. Http_inspect: add file_data to buffer list. Packet_capture: include cstdint in a header file. Thanks to Plup and Hauke Mehrtens for reporting this! Xhash: typo.
3.1.83.0 (26 Mar 2024 03:25) major bugfix: Detection: use correct packet in trace logs. Doc: add libml to optional dependencies. Flow: add filter to dump flows. Flow: UT. Hash: exception handling for random device. Packet_capture: wrong dlt in pcap header when nfq is used. Stream: count retransmits when we disable content rules. Trace: replace colon delimiter for tenant with whitespace in the trace_logger output.
3.1.82.0 (15 Mar 2024 10:05) major feature: Appid: broadcast commands with ctrlcon. Appid: change eve pattern matching logic. Appid: replaced warning log with logging api for CBD. File_api: do not clear the file capture and user file data pointers when updating the verdict from the cache. Filters: updated dyn array with vector. Flow: updated flow_data linked list with STL container. Framework: validate parameter of number type in a string form. Kaizen: rename to Snort ML. Main: clear lua stack when registering commands in a shell. Main: reset main-thread stats from the main thread. Main: update limits help. Packet_capture: add packet capturing per tenant. Sfip: remove references to unused mode feature. Sfip: zero out var/node pointers after operations to remedy heap-use-after-free on reload. Smb: for improper session cache destruction in tterm during config reload. Snort2lua: change deprecated use of ptr_fn to lambda. Stats: timing stats. Stats: perf improvement changes. Stream: remove splitter from session before inspectors. Stream_tcp: add reasons for drops due to trims. Stream_tcp: implement support for proxy mode normalization behavior. Stream_tcp: update documentation for stream TCP alerts to include the new 129:21 and 129:22 alerts. Trace: add tenants logging.
3.1.81.0 (21 Feb 2024 18:05) major feature: Appid: check tenant_match() if required. Appid: log error message instead of fatal error if appid stats logfile is not accessible. Appid: lowering max packet count before service fail. Control: adds counting to ctrlcon blocked to allow for nested commands. Detection: add c'tors, use new instead of snort_calloc. Detection: copy ip var name in dup_rtn. Flow: added ips event suppression flags. Host_cache: update_stats to remove race condition. Http_inspect: recreate JSNorm if reload takes place inside a transaction. Ips_context: add lazy allocation of alt buffer. Kaizen: provide an option to enable Kaizen's mock. Kaizen: remove redundant semicolon and add explicit cast. Kaizen: rename modules. Lua: improve spell of wizard for HTTP. Memory: prevent data race between main and packet threads. Service_inspectors: add check for JSNorm config actuality. Stream_tcp: add alerts for exceeding thresholds for max queued bytes or segments. Stream_tcp: add check to verify seglist head is not nullptr and only initialize PAF when it is not. Utils: add macro for setting thread name.
3.1.78.0 (19 Jan 2024 13:32) major bugfix: * appid: print odp version and odp detector count on startup * copyright: update year to 2024 * doc: update arg list for "generate_builtin.sh". Add parity to "generate_" scripts arg list, thanks to @puck (https://github.com/puck) * main: fix inconsistent lua variable assignment * parser: fix --dump-rule-meta for negated ports