vFeed


Tools

Published on August 27th, 2014 | by MaxiSoler

0

Suricata v2.0.3 Released

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. The Suricata Engine and the HTP Library are available to use under the GPLv2.

 

suricata

IDS/IPS
Suricata is a rule-based ID/PS engine that utilises externally developed rule sets to monitor network traffic and provide alerts to the system administrator when suspicious events occur. Designed to be compatible with existing network security components, Suricata features unified output functionality and pluggable library options to accept calls from other applications.

The initial release of Suricata runs on a Linux 2.6 platform that supports inline and passive traffic monitoring configuration capable of handling multiple gigabit traffic levels. Linux 2.4 is supported with reduced configuration functionality, such as no inline option.

Available under Version 2 of the General Public License, Suricata eliminates the ID/PS engine cost concerns while providing a scalable option for the most complex network security architectures.

 

Multi-threading

As a multi-threaded engine, Suricata offers increased speed and efficiency in network traffic analysis. In addition to hardware acceleration (with hardware and network card limitations), the engine is build to utilise the increased processing power offered by the latest multi-core CPU chip sets. Suricata is developed for ease of implementation and accompanied by a step-by-step getting started documentation and user manual.

 

Development and features

The goal of the Suricata Project Phase 1 was to have a distributable and functional ID/PS engine. The initial beta release was made available for download on January 1, 2010. The engine supports or provides the following functionality: the latest Snort VRT, Snort logging, rule language options, multi-threading, hardware acceleration (with hardware and network card dependencies/limitations), unified output enabling interaction with external log management systems, IPv6, rule-based IP reputation, library plug-ability for interaction with other applications, performance statistics output, and a simple and effective getting started user manual.

By engaging the open source community and the leading ID/PS rule set resources available, OISF has built the Suricata engine to simplify the process of maintaining optimum security levels. Through strategic partnerships, OISF is leveraging the expertise of Emerging Threats (www.emergingthreats.net) and other prominent resources in the industry to provide the most current and comprehensive rule sets available.

The HTP Library is an HTTP normaliser and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.

 

Changelog v2.0.3 (2014-08-08)

  • Bug #1236: fix potential crash in http parsing
  • Bug #1244: ipv6 defrag issue
  • Bug #1238: Possible evasion in stream-tcp-reassemble.c
  • Bug #1221: lowercase conversion table missing last value
  • Support #1207: Cannot compile on CentOS 5 x64 with –enable-profiling

Changelog v2.0.2 (2014-06-25)

  • Bug #1098: http_raw_uri with relative pcre parsing issue
  • Bug #1175: unix socket: valgrind warning
  • Bug #1189: abort() in 2.0dev (rev 6fbb955) with pf_ring 5.6.3
  • Bug #1195: nflog: cppcheck reports memleaks
  • Bug #1206: ZC pf_ring not working with Suricata 2.0.1 (or latest git)
  • Bug #1211: defrag issue
  • Bug #1212: core dump (after a while) when app-layer.protocols.http.enabled = yes
  • Bug #1214: Global Thresholds (sig_id 0, gid_id 0) not applied correctly if a signature has event vars
  • Bug #1217: Segfault in unix-manager.c line 529 when using –unix-socket and sending pcap files to be analized via socket
  • Feature #781: IDS using NFLOG iptables target
  • Feature #1158: Parser DNS TXT data parsing and logging
  • Feature #1197: liblua support
  • Feature #1200: sighup for log rotation

Changelog v2.0.1 (2014-05-21)

  • No changes since 2.0.1rc1

 

More Information:

 

Download Suricata v2.0.3

Tags: , ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑