In association with heise online

27 April 2010, 16:56

Intrusion detector Snort now has improved HTTP inspection

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Snort Logo According to the Snort developers, the latest 2.8.6 release can now divide HTTP requests into five components – method, URI, header, cookies and body – to allow better analysis. This makes it easier to apply rules to individual components. Decompression of packets zipped using Gzip has been improved and a sensitive data filter, which seeks to detect and prevent the transfer of personal data, implemented. There are a number of additional fixes and stability enhancements.

In a post on its blog, Sourcefire points out a couple of stumbling blocks which arise as a result of the change in rules files version numbers. Version 0.4.1 of Snort rules updater PulledPork is also available and includes a number of improvements.

More details about the release can be found in the release notes (direct download text file). Snort is available to download from the project's web site and is dual licensed under version 2 of the GNU General Public License (GPLv2) and the Non-Commercial Use License for the Proprietary Snort Rules.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit