[Snort-users] [Emerging-Sigs] Suricata IDS Available for Download!

Matt Jonkman jonkman at ...4024...
Fri Jan 1 11:44:36 EST 2010


We were slashdotted, which caused massive problems of course.

Things are all back to normal. You can get code at:

http://openinfosecfoundation.org/index.php/download-suricata

Should remain stable. We're still on the front page at slashdot, but the
load is manageable now thankfully.

Matt

On 12/31/09 7:49 PM, Jules Pagna Disso wrote:
> HI Matt,
> 
> The job done sounds great. It seems as if the download link is not
> active or broken?
> 
>  
> Happy new year!
> Jules
> 
> 2009/12/31 Matt Jonkman <jonkman at ...4024...>
> 
>     Thanks Matt! That's great to hear from you!
> 
>     Look forward to your feedback.
> 
>     Matt
> 
>     On 12/31/09 3:42 PM, Matt Olney wrote:
>     > Congrats to Matt Jonkman and the team at OISF. It's a big step, and I look forward to seeing your work (after the new year :))
>     >
>     > Matt
>     >
>     > On Thu, Dec 31, 2009 at 3:11 PM, Matt Jonkman <jonkman at ...4024...> wrote:
>     >
>     >     Full Announcement here:
>     >     http://www.openinfosecfoundation.org/
>     >
>     >
>     >     It's been about three years in the making, but the day has finally come! We have the first release of the Suricata Engine! The engine is an Open Source Next Generation Intrusion Detection and Prevention Tool, not intended to just replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field.
>     >
>     >     The Suricata Engine and the HTP Library are available to use under the GPLv2.
>     >
>     >     The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. This integrates and provides very advanced processing of HTTP streams for Suricata. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.
>     >
>     >     This is considered a Beta Release as we are seeking feedback from the community. This release has many of the major new features we wanted to add to the industry, but certainly not all. We intend to get this base engine out and stable, and then continue to add new features. We expect several new releases in the month of January culminating in a production quality release shortly thereafter.
>     >
>     >     The engine and the HTP Library are available here:
>     >     http://www.openinfosecfoundation.org/index.php/download-suricata
>     >
>     >     Please join the oisf-users mailing list to discuss and share feedback. The developers will be there ready to help you test.
>     >     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>     >
>     >
>     >     As this is a first release we don't really have a "What's New" section because everything is new. But we do have a number of new ideas and new concepts to Intrusion Detection to note. Some of those are listed below:
>     >
>     >
>     >
>     >     Multi-Threading
>     >     Amazing that multi-threading is new to IDS, but it is, and we've got it!
>     >
>     >
>     >     Automatic Protocol Detection
>     >     The engine not only has keywords for IP, TCP, UDP and ICMP, but also has HTTP, TLS, FTP and SMB! A user can now write a rule to detect a match within an HTTP stream for example regardless of the port the stream occurs on. This is going to revolutionize malware detection and control. Detections for more layer 7 protocols are on the way.
>     >
>     >
>     >     Gzip Decompression
>     >     The HTP Parser will decode Gzip compressed streams, allowing much more detailed matching within the engine.
>     >
>     >
>     >     Independent HTP Library
>     >     The HTP Parser will be of great use to many other applications such as proxies, filters, etc. The parser is available as a library also under GPLv2 for easy integration into other tools.
>     >
>     >
>     >     Standard Input Methods
>     >     You can use NFQueue, PF_RING, and the standard LibPcap to capture traffic. IPFW support coming shortly.
>     >
>     >
>     >     Unified2 Output
>     >     You can use your standard output tools and methods with the new engine, 100% compatible!
>     >
>     >
>     >     Flow Variables
>     >     It's possible to capture information out of a stream and save that in a variable which can then be matched again later.
>     >
>     >
>     >     Fast IP Matching
>     >     The engine will automatically take rules that are IP matches only (such as the RBN and compromised IP lists at Emerging Threats) and put them into a special fast matching preprocessor.
>     >
>     >
>     >     HTTP Log Module
>     >     All HTTP requests can be automatically output into an apache-style log format file. Very useful for monitoring and logging activity completely independent of rulesets and matching. Should you need to do so you could use the engine only as an HTTP logging sniffer.
>     >
>     >
>     >
>     >     Coming Very Soon: (Within a few weeks)
>     >
>     >     Global Flow Variables
>     >     The ability to store more information from a stream or match (actual data, not just setting a bit), and storing that information for a period of time. This will make comparing values across many streams and time possible.
>     >
>     >
>     >     Graphics Card Acceleration
>     >     Using CUDA and OpenCL we will be able to make use of the massive processing power of even old graphics cards to accelerate your IDS. Offloading the very computationally intensive functions of the sensor will greatly enhance performance.
>     >
>     >
>     >     IP Reputation
>     >     Hard to summarize in a sentence, but Reputation will allow sensors and organizations to share intelligence and eliminate many false positives.
>     >
>     >
>     >     Windows Binaries
>     >     As soon as we have a reasonably stable body of code.
>     >
>     >
>     >
>     >     The list could go on and on. Please take a few minutes to download the engine and try it out and let us know what you think. We're not comfortable calling it production ready at the moment until we get your feedback, and we have a few features to complete. We really need your feedback and input. We intend to put out a series of small releases in the two to three weeks to come, and then a production ready major release shortly thereafter. Phase two of our development plan will then begin where we go after some major new features such as IP Reputation shortly.
>     >
>     >     http://www.openinfosecfoundation.org
>     >
>     >
>     >     ----------------------------------------------------
>     >     Matthew Jonkman
>     >     Emerging Threats
>     >     Open Information Security Foundation (OISF)
>     >     Phone 765-429-0398
>     >     Fax 312-264-0205
>     >     http://www.emergingthreats.net
>     >     http://www.openinformationsecurityfoundation.org
>     >     ----------------------------------------------------
>     >
>     >     PGP: http://www.jonkmans.com/mattjonkman.asc
>     >
> 

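The three rule features the announcement describes (matching on the HTTP stream regardless of port, flow variables that carry state from one match to a later one in the same flow, and IP-only rules that the engine can hand to its fast IP matcher) look like this in Suricata's rule language. This is an added example written for this page, not a ruleset from OISF or Emerging Threats: the URI paths, the address list, the flowbit name and the sid values are constructed placeholders and should be swapped for a local sid range and real indicators before use.

```suricata
# Added example rules, not part of the OISF announcement. All paths,
# addresses, flowbit names and sids below are constructed placeholders.

# 1. Protocol-aware rule: "alert http" matches on the HTTP stream the
#    engine has identified, whatever TCP port it runs on, so a client
#    talking HTTP on 8443 or 31337 is inspected just like one on 80.
alert http any any -> any any (msg:"EXAMPLE HTTP GET to /update.php on any port"; flow:established,to_server; content:"GET"; http_method; content:"/update.php"; http_uri; sid:9000001; rev:1;)

# 2. Flow variables: the first rule records a bit on the flow without
#    raising an alert; the second fires only once that bit is set, so the
#    download is reported only when it follows the beacon in the same flow.
alert http any any -> any any (msg:"EXAMPLE beacon request seen, set flowbit"; flow:established,to_server; content:"/check.php"; http_uri; flowbits:set,example.beacon; flowbits:noalert; sid:9000002; rev:1;)
alert http any any -> any any (msg:"EXAMPLE payload download after beacon"; flow:established,to_server; flowbits:isset,example.beacon; content:"/payload.exe"; http_uri; sid:9000003; rev:1;)

# 3. IP-only rule: no content or protocol keywords, only addresses, so the
#    engine can place it in the fast IP matcher. $HOME_NET is the address
#    variable read from the configuration; 192.0.2.0/24 is documentation
#    address space used here as a stand-in for a compromised-host list.
alert ip [192.0.2.10,192.0.2.11] any -> $HOME_NET any (msg:"EXAMPLE traffic from listed address"; sid:9000004; rev:1;)
```

Load the file with `-s <file>` on the command line or by adding it to the rule file list in suricata.yaml, and check the startup log for the count of rules loaded: the flowbits pair is only useful if both rules parse, since a rejected setter means the `isset` rule can never fire.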



