Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Official release notes for Snort 2.9.1:
- Protocol aware reassembly support for HTTP and DCE/RPC pre-processors. Updates to Stream5 allowing Snort to more intelligently inspect HTTP and DCE/RPC requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF).
- SIP pre-processor to identify SIP call channels and provide rule access via new rule option keywords. Also includes new pre-processor rules for anomalies in the SIP communications. See the Snort Manual and README.sip for details.
- POP3 & IMAP pre-processors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP pre-processor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details.
- Support for reading large pcap files.
- Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients to unified2 when Snort generates events on related traffic.
- IP Reputation pre-processor, allowing Snort to blacklist or whitelist packets based on their IP addresses. This pre-processor is still in an experimental state, so please report any issues to the Snort team. See README.reputation for more information.