Snort 2.3 features in CVS
Contributed by Chad Brandt  
Friday, 17 September 2004
The new features planned for Snort-2.3 have been checked into CVS under the SNORT_2_3 branch. We're pretty excited about the new features! First on the list is Snort-Inline (woo!). This was a big accomplishment, and took the efforts of many people.

The inline feature set includes only the core inline functionality. This means that DROP, SDROP, and REJECT rule-types are supported. The detection plugin "replace" has also been included. A couple of new features were also added during the integration effort, which provide inline state and the dropping of packets with bad checksums. The Snort-Inline project will continue to develop new inline features, so for the latest advancements in inline functionality, please refer to the Snort-Inline project. Further documentation can be found in README.INLINE and on the Snort-Inline website.

Next up is a new portscan detection engine - sfPortscan. This engine was developed to detect TCP/UDP/ICMP/IP protocol scans and sweeps. In addition to this, it detects decoy and distributed portscans, and can distinguish between filtered and unfiltered scans. When portscan alerts are generated, the details of the portscan are logged along with them. This information gives the analyst details on how many ports were scanned, ranges, number of IPs scanned, IP ranges, and what ports were open on the target. For more information, please see README.sfportscan. The design and implementation were headed up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

This release also includes various bug fixes; please refer to the ChangeLog for further information. Also, please remember that this is not considered to be an official stable release or candidate. Standard CVS disclaimer applies. However, for those living on the bleeding edge, we encourage you to check it out and give us feedback.

Lastly, we've updated the "Our Team" page. Check it out.

Thanks for your time, please let us know what you think!
