589043a29f
Fixes and additions: * Fixed compilation problems on all non-BSD operating systems * Added better configuration support for locating libpcap * Fixed ICMP ping packet id/sequence printouts * Made allowances for 64-bit machines in the decoders * Updated the portscan detector to the latest version * Disabled the defragmenter by default (in the rules file) * Added a patch from Dave Dittrich to make daemon mode alerts filenames conform * to the data in the documentation * Revamped the ICMP data structures to mimic those found in *BSD and provide for higher fidelity decoding/printout in the future * Repaired the output plugins so that they operate properly now * For the record, the payload dump conforms to the length of the IP datagram now and does not show pad bytes added by the minimum Ethernet frame size * Applied Chris Cramer's byte ordering patch to the flexresp code Other updates and changes since version 1.6: * New preprocessor plugin: IP defragmentation!! * New output plugins cover all old logging and alerting options * New output plugin no logs to MySQL, PostgreSQL, unixODBC databases * Updated portscan detection functionality * Added quote removal for most plugin parsers * -C crash bug fixed * PID/PATH_VARRUN file fixes * Converted many putc(3) calls to fputc(3) for portability * Transport layer decoders use ip_len field for length metric now * String tokenizer code modified for more reliable operation * Fixed flexible response code sequence prediction * Fixed DEBUG ifdef's so DEBUG mode code will compile correctly on all platforms * Set automake options so that people don't need gmake anymore to build Snort on BSD systems * Fixed SMB alert code large tmp file hole * Added sigsetmask code to fix SIGHUP weirdness * Added execvp option for SIGHUP restart code * Added ARP header printout validation * Added Session logging file integrity checking * Added -u/-g setuid/gid capability switches * Added -O IP address obfuscation switch * Added -t chroot switch * Fixed non-TCP/UDP/ICMP transport layer decoding & logging * Fixes and additions to the portscan preprocessor * Fixed Tru64 u_int* type declarations * Added check for pcap.h into configuration script * Fixed timeval problems on Linux boxen * Database logging plugin has been modified extensively, see the www.incident.org website for more information * Switched TCP flags printout routine to ensure proper RFP output scan output. ;) * Fixed default log/alert function code so that these functions are never NULL |
||
|---|---|---|
| .. | ||
| files | ||
| pkg | ||
| Makefile | ||