9bff922955
2005-01-25 - Snort 2.3.0 Final Released * Fixed issue with sfPortscan reporting incorrect IP datagram length. Thanks Jon Hart for the test case and finding the bug, and Marc Norton for resolving the issue. * Threshold/Suppression now prints properly when logging to syslog. Thanks Sekure for pointing out the problem. Thanks Steve Sturges for working on the fix. * Threshold memcap argument now correctly handles non-integer input. Thanks nnposter for the patch. * Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were not decoded properly. Thanks Dan Roelker for the fix. * Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your work on putting it all together. 2004-12-15 - Snort 2.3.0 RC2 Released * Small performance improvement to arpspoof and also fixed a problem where the list of configured IP/MAC entries would contain only one entry and leaked memory (Jeff Nathan). * Fixed a problem affecting MacOS X where linking may fail with non-standard libraries when global symbols are encountered multiple times (Jeff Nathan). * Ignore RST|ACK midstream pickup case so we don't get an evasive TCP alerts. Thanks for the report, Sekure. Thanks Dan Roelker for the fix. * Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the logdir config will work if the default or command-line logdir does not exist on the system. Thanks Dan Roelker. * Fixed bug when setting the doe_ptr on a successful pcre match. It is now set relative to base_ptr. Thanks Steve Sturges for the fix. * Added from_beginning and multiplier options for byte_jump. from_beginning skips bytes from the beginning of the content, instead of from the location immediately following the number of bytes to skip. multiplier takes a numeric argument, and skips x times that number of bytes. Thanks again to Steve Sturges. * In "fast" output, now log only actual packet contents when UDP data length is greater than actual data length. Thanks Brian Caswell for spotting this, and Andrew Mullican for working on the fix. * Please check the ChangeLog for further details. 2004-11-18 - Snort 2.3.0 RC1 Released * Added IPS functionality from Snort-Inline. A big thanks to the Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor Julien). Also, Thanks Dan Roelker for doing the integrating of Snort-Inline into the official Snort project. * Added new portscan detector. The design and implementation was headed up by Dan Roelker, and included Marc Norton and Jeremy Hewlett. * Numerous changes for better 64bit Snort support from Jeremy Hewlett and Marc Norton. Additionally, an --enable-64bit-gcc option was added to configure. However, there are still some memory alignment issues to work out before 64bit mode is fully functional, patches are welcomed. Thanks Chris Baker for doing 64bit testing. * Added not_established keyword to the flow detection option. This allows snort to do dynamic firewall rulesets. Experimental for now. * Added an enforce_state keyword to stream4 so we won't pick up midstream sessions. This works well for asynchronous links and also for just monitoring legitimate traffic. * Relocated ./contrib files to http://www.snort.org/dl/contrib as many are not maintained by Sourcefire and are out of date. The rpm and schema files have been relocated in their respective 'rpm' and 'schemas' directories under the snort parent directory. * perfmonitor config line can now be configured with "accumulate" or "reset." Thanks Marc Norton for the feature, and Barry Basselgia for pointing out the issue. Thanks Scott Dexter and Andreas Ostling for doing some initial testing. * Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson and Clay McClure. Thanks guys. * Fixed reference times to match log time for first packet, for an event generated by a reassembled packet. Incremented event ID to give unique ID for each packet. Also made unified logging compatible with Windows. Thanks Andrew Mullican for the fix. * Fixed linux perfmonitoring stats for the 2.6 kernel. Thanks to everyone that reported this bug. Thanks Dan Roelker for the fix. * Get thresholding/suppression to work for alerts that do not contain an ip header (primarily decode alerts). Thanks Brian Caswell. * Fix conditions where snort would log double web alerts that contained only content options (no uricontents). Thanks to kawa for finding and reporting this bug. * Fix suppression/thresholding bug for non-rule alerts. Thanks to Alex Butcher for reporting it to us. * Many other bug fixes, please check the ChangeLog for details.
8 lines
184 B
Makefile
8 lines
184 B
Makefile
# $NetBSD: Makefile,v 1.26 2005/01/28 23:02:41 adrianp Exp $
|
|
#
|
|
|
|
.include "Makefile.common"
|
|
|
|
COMMENT= The Open Source Network Intrusion Detection System
|
|
|
|
.include "../../mk/bsd.pkg.mk"
|