


Latest available versions
SnortSam 2 v. 2.55 03-29-06
samtool v. 1.7 03-29-06


Snortsam News

24-07-07: Updated Snort source available for 2.6.15 and newly released 2.7.0. Hot off the presses, get yours on the download page or:

Snort 2.7.0
Snort 2.6.1.5

Matt

02-02-07: Well, almost a year went by without any updates. Sorry folks, but I just don't have the time to maintain Snortsam anymore. As announced in the mail list, I'm in the process of transitioning Snortsam to a new group of maintainers. Stay tuned for an official announcement.

In order to facilitate a smooth transition, I committed several piled-up changes to CVS and the sources in FTP. I did NOT recompile any code. These additions are:
* Patch from Ali Basel to the CiscoACL plugin.
* Addition of the ENABLEPERSISTENTTCP option. The persistent TCP code has still not been properly debugged, but is included in the current source code (which would be version 2.53). However, it is disabled by default, but can be forced on with this option.
* Mark P Clift had supplied code for the Microsoft ISA 2004 server since the existing plugin is only compatible with older versions. I have not been able to test this code yet, but Mark reports it running fine. To compile it, you need to have the proper DLLs, which are supplied in the contrib folder. Mark was also working on a version for ISA Server 2006.
* Finally figured out the issue with the Snortsam patch for Snort™ and why it worked on 2.4 but not 2.6 (Snort™ 2.4 had a comma too many in the code, 2.6 does not). The Snortsam patch has finally been fixed. Woohoo!

With that, the CVS and FTP trees are what I consider wrapped-up and ready for transfer to the new maintainers. All the binary compilation stuff I shall leave to their discretion.

03-31-06: Version 2.52 still seems to have a few issues. While 2.52 is available via CVS and FTP, I'm rolling the "official" version back to 2.50 which is pretty stable. Use 2.52 at your own risk. You've been warned. (Issues include Snortsam-to-Snortsam links being disabled due to spurious password mismatches, and some issues with backwards compatibility when using disablepersistentconnections).

03-29-06:
* Added support for persistent TCP connections to Snortsam and samtool. Snortsam-to-Snortsam links are now using persistent TCP connections as opposed to a new one for each block. It should be backwards compatible with earlier versions and with Snort™ (which doesn't support persistent TCP sessions just yet). This feature can be disabled with the disablepersistentconnections option if desired. Please provide feedback on performance or problems with this feature. Current Snortsam version is 2.52. Binaries and source have been updated as usual.

Older bulletins/Changelog entries are available here



Snortsam in the News

The following books include chapters about Snortsam:

"...Most folks who'll use Snort™ will want to add an alert management GUI; Koziol covers ACID in depth and introduces powerful tools for generating real-time alerts. You'll probably want a better way to manage your signatures: Koziol introduces and covers IDS Policy Manager. There's even a brief introduction to tools like SnortSam that go beyond "detection" to intrusion prevention..."
"From the Foreword by Stephen Northcutt, Director of Training and Certification, The SANS Institute
...Both managers and security technologists face a pressing need to get up to speed, and fast, on the commercial and open source intrusion prevention solutions. This is the first book-length work that specifically concentrates on the concept, implementation, and implications of intrusion prevention and active response. The term IPS has been thrown around with reckless abandon by the security community. Here, the author team works to establish a common understanding and terminology, as well as compare the approaches to intrusion prevention."

"Written by the same lead engineers of the Snort™ Development team, this will be the first book available on the major upgrade from Snort™ 2 to Snort™ 2.1 (in this community, major upgrades are noted by .x and not by full number upgrades as in 2.0 to 3.0). Readers will be given invaluable insight into the code base of Snort™, and in depth tutorials of complex installation, configuration, and troubleshooting scenarios."
"Snort™, the de facto standard of intrusion detection tools, can save countless headaches; the new Snort™ Cookbook will save countless hours of trial and error. Each "recipe" offers a clear description of a gnarly problem, a concise but complete solution, and practical examples. But this ultimate Snort™ sourcebook offers more than just immediate cut-and-paste answers; it also showcases the best tips and tricks to leverage the full power of Snort™--and still have a life"
"This practical guide to managing network security covers reliable methods for detecting network intruders, from using simple packet sniffers to more sophisticated IDS (Intrusion Detection Systems) applications and the GUI interfaces for managing them. A comprehensive resource for monitoring illegal entry attempts, Managing Security with Snort™ and IDS Tools provides step-by-step instructions on getting up and running with Snort™ 2.1, and how to shut down and secure workstations, servers, firewalls, routers, sensors and other network devices."
"Snort™ gives network administrators an open source intrusion detection system that outperforms proprietary alternatives. Now, Rafeeq Ur Rehman explains and simplifies every aspect of deploying and managing Snort™ in your network. You'll discover how to monitor all your network traffic in real time; update Snort™ to reflect new security threats; automate and analyze Snort™ alerts; and more. Best of all, Rehman's custom scripts integrate Snort™ with Apache, MySQL, PHP, and ACID-so you can build and optimize a complete IDS solution more quickly than ever before."



© Copyright 2001-2007 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc.