Irregular Expressions

Feb 9 2010   8:24AM GMT

Next generation IDS/IPS engine

Dan O'Connor


I have been following this since there was first talk of creating a new engine.  They have released version 0.80.

The engine is designed to load the current Snort rule sets and VRT rule sets out of the box!

Once I complete my exam this week I will have some extra time and will provide install instructions for FreeBSD.

The list of what they have added is extensive (and the list of what is still to come is pretty long). More features are on the way, listed in the official documentation.


Automatic Protocol Detection

Gzip Decompression

Independent HTP Library
– A totally independent HTP library that is also released under the GPLv2.

Standard Input Methods
– You can use NFQueue, IPFRing, and the standard LibPcap to capture traffic.

Unified2 Output
– You can use your standard output tools and methods with the new engine, 100% compatible!

Flow Variables
– It’s possible to capture information out of a stream and save that in a variable which can then be matched again later.
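
To make the flow-variable idea concrete, here is a small added example (my own illustration, not code from the engine described in this post): a per-flow variable store keyed by the connection's 4-tuple, with rules that capture a value from one packet and either require or compare it on a later packet of the same flow. The rule dictionaries, the `to_client`/`to_server` direction names and the sample traffic are all constructed for the example and are not the engine's real rule syntax.

```python
import re
from collections import defaultdict

# Hypothetical rule format (assumption, not the engine's syntax):
#   pattern   - regex applied to the payload; group 1 is the captured value
#   set       - store group 1 under this flow-variable name
#   require   - only consider the rule if this flow variable already exists
#   not_equal - only alert if group 1 differs from this flow variable
RULES = [
    {"name": "capture-session-id", "dir": "to_client",
     "pattern": re.compile(rb"SESSION=([A-Za-z0-9]+)"), "set": "session.id"},
    {"name": "session-token-mismatch", "dir": "to_server",
     "pattern": re.compile(rb"TOKEN=([A-Za-z0-9]+)"),
     "require": "session.id", "not_equal": "session.id", "alert": True},
    {"name": "privileged-command-after-login", "dir": "to_server",
     "pattern": re.compile(rb"^ADMIN "), "require": "session.id", "alert": True},
]


class FlowVariableEngine:
    def __init__(self, rules):
        self.rules = rules
        # flow key -> {variable name: captured bytes}. A real engine expires
        # these entries with the flow; this toy store never does.
        self.flow_vars = defaultdict(dict)

    def process(self, flow_key, direction, payload):
        """Evaluate one packet of a flow; returns the names of rules that alert."""
        variables = self.flow_vars[flow_key]
        alerts = []
        for rule in self.rules:
            if rule["dir"] != direction:
                continue
            match = rule["pattern"].search(payload)
            if match is None:
                continue
            required = rule.get("require")
            if required is not None and required not in variables:
                continue          # state from an earlier packet is missing
            compare = rule.get("not_equal")
            if compare is not None and match.group(1) == variables[compare]:
                continue          # value matches what was captured earlier: benign
            if "set" in rule:
                variables[rule["set"]] = match.group(1)
            if rule.get("alert"):
                alerts.append(rule["name"])
        return alerts


def run_sample():
    """Replay a constructed trace through the engine and return per-packet alerts."""
    engine = FlowVariableEngine(RULES)
    flow_a = ("10.0.0.5", 40001, "192.0.2.10", 8080)
    flow_b = ("10.0.0.6", 40002, "192.0.2.10", 8080)
    trace = [  # constructed sample packets
        (flow_a, "to_client", b"OK SESSION=abc123\r\n"),     # captures session.id
        (flow_a, "to_server", b"GET /data TOKEN=abc123\r\n"),  # same token: no alert
        (flow_a, "to_server", b"GET /data TOKEN=zzz999\r\n"),  # different token: alert
        (flow_b, "to_server", b"ADMIN reboot\r\n"),            # no session on this flow
        (flow_a, "to_server", b"ADMIN reboot\r\n"),            # session present: alert
    ]
    return [engine.process(key, direction, payload) for key, direction, payload in trace]


if __name__ == "__main__":
    for alerts in run_sample():
        print(alerts)
```

The point of the comparison rule is that the same packet content is benign or suspicious depending on what was seen earlier on that flow, which is exactly what a stateless content match cannot express.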

Fast IP Matching
– The engine will automatically take rules that are IP matches only (such as the RBN and compromised IP lists at Emerging Threats) and put them into a special fast matching preprocessor.
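
As an added example of why an IP-only fast path matters (my own illustration, not the engine's code): rules without any content match are indexed by prefix length, so a packet's source address is checked with one hash lookup per distinct prefix length rather than a scan over every rule, while rules that do need payload inspection stay on the slower path. The rule dictionaries and the sample address ranges are constructed for this example; it handles IPv4 only.

```python
import ipaddress
from collections import defaultdict


class IPOnlyMatcher:
    """Indexes IP-only rules by prefix length: lookup cost is one dict probe per
    distinct prefix length in the rule set, independent of the number of rules."""

    def __init__(self):
        self.by_prefix = defaultdict(dict)  # prefixlen -> {network as int: [sids]}

    def add(self, cidr, sid):
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version != 4:
            raise ValueError("example handles IPv4 only")  # assumption of the example
        self.by_prefix[net.prefixlen].setdefault(int(net.network_address), []).append(sid)

    def match(self, ip):
        addr = int(ipaddress.IPv4Address(ip))
        hits = []
        for plen, table in self.by_prefix.items():
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            hits.extend(table.get(addr & mask, []))
        return sorted(hits)


# Constructed rules; "content": None marks a rule that needs no payload inspection.
RULES = [
    {"sid": 1000001, "msg": "constructed bad-network list", "src": ["203.0.113.0/24"], "content": None},
    {"sid": 1000002, "msg": "constructed single bad host", "src": ["198.51.100.7/32"], "content": None},
    {"sid": 1000003, "msg": "needs payload inspection", "src": ["0.0.0.0/0"], "content": b"cmd.exe"},
]


def split_rules(rules):
    """Send content-less rules to the fast matcher; keep the rest for payload inspection."""
    fast, slow = IPOnlyMatcher(), []
    for rule in rules:
        if rule["content"] is None:
            for cidr in rule["src"]:
                fast.add(cidr, rule["sid"])
        else:
            slow.append(rule)
    return fast, slow


def evaluate(fast, slow, src_ip, payload):
    """Return the sids that fire for a packet with the given source IP and payload."""
    alerts = fast.match(src_ip)
    src = ipaddress.ip_address(src_ip)
    for rule in slow:
        in_scope = any(src in ipaddress.ip_network(c, strict=False) for c in rule["src"])
        if in_scope and rule["content"] in payload:
            alerts.append(rule["sid"])
    return alerts


if __name__ == "__main__":
    fast, slow = split_rules(RULES)
    print(evaluate(fast, slow, "203.0.113.77", b"hello"))
    print(evaluate(fast, slow, "10.1.1.1", b"run cmd.exe now"))
```

With a list of thousands of compromised hosts, the difference between this structure and a linear scan is what keeps those rules affordable at line rate.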

HTTP Log Module
– All HTTP requests can be automatically output into an apache-style log format file. Very useful for monitoring and logging activity completely independent of rulesets and matching. Should you need to do so you could use the engine only as an HTTP logging sniffer.
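
Here is an added example (mine, not the engine's HTTP log module) of producing and reading back an Apache combined-format line from a request record. The detail worth noticing is escaping: the request line, Referer and User-Agent come from the client, so quotes, backslashes and newlines in them must be escaped, or a single crafted header can break the log line or forge extra entries when the file is parsed later. The record fields and the sample request are constructed for the example.

```python
import re
from datetime import datetime, timezone

# Apache combined log format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<user_agent>(?:[^"\\]|\\.)*)"$'
)


def escape(value):
    """Escape client-controlled text so it cannot close a quoted field or add a line."""
    return (value.replace("\\", "\\\\").replace('"', '\\"')
                 .replace("\n", "\\n").replace("\r", "\\r"))


def unescape(value):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def format_combined(rec):
    """Render a request record (constructed dict fields) as one combined-format line."""
    ts = rec["time"].strftime("%d/%b/%Y:%H:%M:%S %z")
    request = "%s %s %s" % (rec["method"], rec["uri"], rec["version"])
    size = str(rec["bytes"]) if rec["bytes"] else "-"
    return '%s - %s [%s] "%s" %d %s "%s" "%s"' % (
        rec["client"], rec.get("user") or "-", ts, escape(request), rec["status"], size,
        escape(rec.get("referer") or "-"), escape(rec.get("user_agent") or "-"))


def parse_combined(line):
    """Parse one line back into a dict; returns None if the line is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    for field in ("request", "referer", "user_agent"):
        rec[field] = unescape(rec[field])
    return rec


# Constructed sample request with a hostile User-Agent containing a quote and a newline.
SAMPLE = {
    "client": "192.0.2.25", "user": None,
    "time": datetime(2010, 2, 9, 8, 24, 0, tzinfo=timezone.utc),
    "method": "GET", "uri": "/index.html", "version": "HTTP/1.1",
    "status": 200, "bytes": 5120, "referer": None,
    "user_agent": 'Mozilla/5.0 "x"\n192.0.2.26 - - [09/Feb/2010:08:25:00 +0000] "GET /forged HTTP/1.1" 200 1',
}

if __name__ == "__main__":
    line = format_combined(SAMPLE)
    print(line)
    print(parse_combined(line)["user_agent"] == SAMPLE["user_agent"])
```

Because every field round-trips through `escape`/`unescape`, the forged second entry in the sample User-Agent stays inside the one log line it belongs to instead of appearing as its own record.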

