495195d60a
Changes:

2.1.0:
======
- A new connection tracking module, Flow (replaces conversation)
- A new portscan detector based off of Flow, Flow-Portscan (replaces portscan2)
- A new http preprocessor, HttpInspect (replaces http_decode)
- Alert Thresholding and Suppression
- PCRE rule keyword (Perl Compat Regular Expressions)
- isdataat rule keyword (buffer length detection)
- A ton of new and updated rules.

2.0.6:
======
- 64-bit update for detection engine. (Thanks, Silio d'Angelo)
- Added better PPP decoding. (Thanks Jesper Peterson)
- Updated ip_proto optimization for high-speed detection engine.
- Fixed infinite loop problem that was introduced by the recursive pattern matching patch. Reported by Lawrence Reed, thanks for testing out the changes for us!
- Various changes to help respond (version 1) work a little better.
- spp_http_decode 64-bit patch from Dirk Mueller.
- Out-of-order ACK problem from Andrew Rucker. Also, updated stream4 to the most recent version from HEAD.
- Minor fixes to tagging related to 'src' and 'dst' directives
- When counting one byte patterns in 'ningroup' added a check for psLen==1 (wu-manber pattern matcher). Thanks Josh Sakofsky and Dennis McGuire for helping us test this.

2.0.5:
======
- Stream4 fixes from Andrew Rucker Jones.
- Allow memcap to be configured for threshold features.

2.0.4:
======
- Fixed a core dump introduced with 2.0.3 when dealing with negated patterns

2.0.3:
======
- doe_ptr handling in byte_test/byte_jump slightly modified to work better with the pcre patch
- content processing is now recursive to make distance/within processing better (thanks to Shai Rubin for patch!)
- fixed a bug in the mwm.c pattern matcher that resulted in some alerts not firing in a particular configuration of rules

2.0.2:
======
- Added Thresholding and Suppression features (Marc Norton/Sourcefire)
- Fixed TCP RST processing bug found (Shai Rubin)
- Cleanup of spp_arpspoof (Jeff Nathan)
- Cleanup of win32 version including proper Event Log support (Chris Reid)
- Munged data fixes for stream4 (Chris Green)