[Snort-users] Re: Spade version 021026.1 released!

James Hoagland hoagland at ...47...
Sat Oct 26 22:49:01 EDT 2002

One note.  I goofed slightly with the packaging. To install Spade 
you'll have to run 'make -f Makefile.toplevel' instead of just make. 
I'll update the package in the morning.

Sorry for any inconvenience,


At 4:16 PM -0700 10/26/02, James Hoagland wrote:
>Silicon Defense is please to announce the availability of Spade 
>version 021026.1, the latest version of its statistical anomaly 
>detector for Snort.  This is what has changed:
>+ ICMP traffic now analyzed for anomalies
>   + dead-dest detector type now looks for ICMP traffic to unused IP
>     addresses
>   + new odd-typecode detector type looks for ICMP packets with rare type
>     and code fields
>+ new odd-port-dest detector type looks for sources connecting to an
>     unusual destination for a destination port (among destination ports
>     that are observed to have a predictable set of destinations)
>+ you can now exclude certain reports on a Spade-wide basis in addition to
>     on a detector-specific basis (add Xdips, Xdports, Xsips, and/or
>     Xsports on the main Spade configuration line)
>+ dead-dest will no longer report on broadcast IPs
>+ sped Spade up a little through some optimizations
>+ spade.conf updated for new detection capabilities
>+ Spade log file configured in the distributed spade.conf is now called
>     spade.log (instead of log.txt) for clarity
>As you can see, there's a few new detection capabilities in this 
>version.  You  can download it and learn more at:
>   http://www.silicondefense.com/software/spice/
>Enjoy and happy Spading,
>   Jim
>|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
>|*            --- Silicon Defense: IDS Solutions ---             *|
>|*  hoagland at ...47..., http://www.silicondefense.com/  *|
>|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

More information about the Snort-users mailing list