Snort Security Platform beta3 released
Written by Rodrigo Montoro (Sp0oKeR)
Wednesday, 01 April 2009
Marty Roesch released another beta of the Snort Security Platform
(SnortSP) today. The changes are listed below; the use of Snort 2.8.3.1 is worth highlighting.
Snortsp-3.0.0b3:
* Updated snort analytic to 2.8.3.1.
* Added dynamic-plugins/sf_engine/examples/ and tweaked sspiffy.sh to handle SO rules.
* Hardened PORTLISTS code.
* Fixed load balancing bug in framework.
* Better integration of the Snort analytic with the framework. Packet decoding and flow computation are now done solely by the framework.
* Added more options to sspiffy.sh.
* Added single threaded mode (configure --enable-single-threaded). More on this below.
* Reduced thread local storage (TLS) accesses.
* Changed shared objects to use hidden visibility by default to reduce translation overhead.
The SnortSP architecture was designed to be as flexible as possible to obtain the best performance for your security software on any given platform. In this 3rd Beta release, you can build SnortSP in two basic ways:
* Multithreaded mode (original): this is the default. In this mode the core functions like packet acquisition, decoding, and flowing are performed by the framework in one thread and the analytics perform detection in their own separate threads.
* Single-threaded mode (new): this is enabled by configure --enable-single-threaded. In this mode, the framework and analytics are "stacked" up to run sequentially in the same thread. You can even configure multiple stacks to run in parallel.
In either mode, you can pin the engine and analytics to specific processors on multicore systems.
To download it: http://www.snort.org/dl/snortsp/
Happy Snorting!
Rodrigo Montoro(Sp0oKeR)
Last Updated ( Wednesday, 01 April 2009 )