Snort 2.8.4 is out. Upgrade now.
By Finshake, [2009-04-08] at 15:49:53
As posted this morning on the Internet Storm Center:

We over at Sourcefire (yes, I work for Sourcefire, in case you don't know by now!) have been putting the word out for a couple of months now about the Snort 2.8.4 upgrade, how it's very important, and that you need to go upgrade now. Well, yesterday, after months and months of hard work, Sourcefire released SEU 216 for their Intrusion Prevention System customers, and Snort 2.8.4 hit the Open Source community at the same time.

"Okay, so why is this so important?!" you may be asking.

For a while now, a lot of netbios flow tracking has been done with our rules language. This results in hundreds of rules to do flow tracking for a particular exploit. For example, before the preprocessor, there were 168 rules to detect the exploit that Conficker uses (MS08-067).

Introduced in 2.8.4 is a new target-based DCE/RPC preprocessor, called "DCE/RPC2". This preprocessor does much of the flow tracking internally and provides rule options that rule writers can call. So, after the new netbios rules go out (in the next few days, according to Snort.org), the number of MS08-067 rules will be reduced to 2.

For instance, the old netbios rule file:

    # wc -l netbios.rules
    5828 netbios.rules

The new:

    # wc -l netbios.rules
    122 netbios.rules

So this is great! However, the warning about this is that VRT is no longer providing the "old" method of rule updates for netbios vulnerabilities. So, unless you are on Snort 2.8.4, you will no longer receive updates to protect you against the current netbios threats. So if you are a VRT rules subscriber who relies on those same-day rule releases, you need to update now.

If you are using a package (Debian, Ubuntu, etc.), I would suggest downloading Snort from source and compiling the old-fashioned way. Hopefully the package maintainers will update their stuff soon.

While this is certainly the biggest update in Snort 2.8.4, there are several more (this is brought over from Snort.org):

- Support for IPv6 in Frag3 and all application preprocessors
- Improved target-based support in preprocessors
- Option to automatically pre-filter traffic that is not inspected in order to improve performance
- Plus some other improvements and fixes; for a full changelog, please go here.

So in case you haven't heard me say it enough in this entry: Update!
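An added example, not from the original post or from Sourcefire: a shell pre-upgrade check that reports whether a sensor can load rules that depend on the new preprocessor. The rule option names (dce_iface, dce_opnum, dce_stub_data) and the `preprocessor dcerpc2` directive come from the Snort manual rather than this post; the configuration lines, the rule with its placeholder UUID, and the file names are constructed.

```sh
# Added example. dce_iface/dce_opnum/dce_stub_data and "preprocessor dcerpc2"
# are names from the Snort manual, not from the post; sample data is constructed.
MIN_VERSION="2.8.4"

# snort_version TEXT: print the dotted version found in `snort -V` output.
snort_version() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B (missing fields count as 0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.]"); m = split(b, y, "[.]")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
    }'
}

# count_dce_rules FILE: count uncommented rules that use DCE/RPC2 rule options.
count_dce_rules() {
    awk '!/^[ \t]*#/ && /dce_(iface|opnum|stub_data)/ {n++} END {print n+0}' "$1"
}

# has_dcerpc2 CONF: succeed when the dcerpc2 preprocessor is enabled.
has_dcerpc2() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+dcerpc2[[:space:]]*(:|$)' "$1"
}

# preflight SNORT_V_TEXT CONF RULES: print a verdict; return 0 only when ready.
preflight() {
    ver=$(snort_version "$1"); n=$(count_dce_rules "$3")
    if [ -z "$ver" ]; then echo "UNKNOWN: no version string"; return 2; fi
    if ! version_ge "$ver" "$MIN_VERSION"; then
        echo "UPGRADE: Snort $ver is older than $MIN_VERSION"; return 1; fi
    if [ "$n" -gt 0 ] && ! has_dcerpc2 "$2"; then
        echo "CONFIG: $n rule(s) need dcerpc2, which is not enabled"; return 1; fi
    echo "OK: Snort $ver with dcerpc2, $n DCE/RPC2 rule(s)"
}

# Constructed sample inputs so the check runs offline.
tmp=$(mktemp -d)
echo 'preprocessor dcerpc: autodetect' > "$tmp/old.conf"
echo 'preprocessor dcerpc2: memcap 102400' > "$tmp/new.conf"
printf '%s\n' '# alert tcp any any -> any 445 (dce_opnum:1; sid:1000000;)' \
  'alert tcp any any -> any 445 (msg:"constructed"; dce_iface:00000000-0000-0000-0000-000000000000; dce_opnum:1; sid:1000001;)' \
  > "$tmp/netbios.rules"
preflight "Version 2.8.3.2 (Build 22)" "$tmp/new.conf" "$tmp/netbios.rules" || true
preflight "Version 2.8.4 (Build 26)" "$tmp/old.conf" "$tmp/netbios.rules" || true
preflight "Version 2.8.4 (Build 26)" "$tmp/new.conf" "$tmp/netbios.rules"
```

On a live sensor, pass `"$(snort -V 2>&1)"` as the first argument so the banner is captured even when it is written to stderr.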