[Snort-users] Spade version 021026.1 released!

James Hoagland hoagland at ...47...
Sat Oct 26 16:17:02 EDT 2002


Silicon Defense is pleased to announce the availability of Spade 
version 021026.1, the latest version of its statistical anomaly 
detector for Snort.  This is what has changed:

+ ICMP traffic now analyzed for anomalies
   + dead-dest detector type now looks for ICMP traffic to unused IP
   + new odd-typecode detector type looks for ICMP packets with rare type
     and code fields
+ new odd-port-dest detector type looks for sources connecting to an
     unusual destination for a destination port (among destination ports
     that are observed to have a predictable set of destinations)
+ you can now exclude certain reports on a Spade-wide basis in addition to
     on a detector-specific basis (add Xdips, Xdports, Xsips, and/or
     Xsports on the main Spade configuration line)
+ dead-dest will no longer report on broadcast IPs
+ sped Spade up a little through some optimizations
+ spade.conf updated for new detection capabilities
+ Spade log file configured in the distributed spade.conf is now called
     spade.log (instead of log.txt) for clarity

As you can see, there are a few new detection capabilities in this 
version.  You can download it and learn more at:


Enjoy and happy Spading,

|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|
