Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort 2.8.5 introduces:
- A revised DCE/RPC preprocessor with more rule options – With the new DCE/RPC preprocessor, there will be a number of updates to the rules. Please be sure to update your rules to the latest when that package is available (next few days).
- Support for IPv6 in Frag3 and all application preprocessors
- Improved target-based support in preprocessors
- Option to automatically pre-filter traffic that is not inspected in order to improve performance
- Several other improvements and fixes.