Los Abaphuhlisi beCisco bakhuphe ingxelo yokugqibela ye-beta Inkqubo yokuthintela ukungena "Snort 3" yintoni yenziwa ngokutsha ngokutsha, kuba le nguqulo intsha abaphuhlisi basebenze kumxholo wemveliso ngokupheleleyo kwaye uyilo lwenziwa ngokutsha.
Phakathi kwemimandla egxininisiweyo Ngexesha lokulungiswa kwenguqulelo entsha, bafumana ifayile ye ukuseta okwenziwe lula kunye nokuqaliswa yesicelo, ulungiselelo lokuzenzekelayo, ukwenza lula umthetho wolwakhiwo, i ukufunyanwa okuzenzekelayo kwazo zonke iiprotocol, ulungiselelo lweqokobhe lolawulo lomgca wokuyalela, ukusetyenziswa okusebenzayo kokufunda okuninzi kunye nokufikelela ngokudibeneyo kwabaphathi abahlukeneyo kulungelelwaniso olunye.
Malunga Snort
Kwabo abangamaziyo uSnort, kuya kufuneka uyazi ukuba eLe yinkqubo yokufumanisa inethiwekhi, simahla kwaye simahla. Inika amandla okugcina iinkuni kwiifayile zombhalo nakwindawo yolwazi open, njenge-MySQL. Isebenzisa ukubonwa kohlaselo kunye nenjini yokuskena izibuko evumela ukubhalisa, ukulumkisa kunye nokuphendula nakweyiphi na into engaqhelekanga echazwe ngaphambili.
Ngexesha lokufakwa kwayo, ibonelela ngamakhulu okucoca ulwelo okanye imigaqo ye-backdoor, i-DDoS, umnwe, i-FTP, uhlaselo lwewebhu, i-CGI, i-Nmap, phakathi kwabanye.
Inokusebenza njenge-sniffer kunye nepakethi yelog. Xa ipakethi ithelekisa iphethini esekwe kwimigaqo yoqwalaselo, ingena. Ngale ndlela uyazi ukuba nini, phi kwaye njani uhlaselo lwenzekile.
I-Snort inedatha yohlaselo oluhlaziywa rhoqo kwi-intanethi. Abasebenzisi banokwenza utyikityo olusekwe kwiimpawu zohlaselo lomnatha omtsha kwaye bazingenise kuLuhlu lwee-imeyile ezityikityiweyo, le ndlela yokuziphatha yoluntu kunye nokwabelana yenze ukuba i-Snort ibe yenye yezona zaziwa kakhulu, ezihlaziyiweyo kunye nezona zaziwa kakhulu kwi-IDS esekwe kwinethiwekhi. .
Vuma amanqaku amathathu okugqibela e-beta
Kule beta yokugqibela, uSnort wazisa utshintsho kwinkqubo entsha yoqwalaselo ethi ibonelela nges syntax eyenziwe lula kwaye ivumela ukusetyenziswa kwezikripthi kuyilo lobumbeko olunamandla. I-LuaJIT isetyenziselwa ukwenza iifayile zoqwalaselo. Iiplagi ezisekwe kwi-LuaJIT zibonelelwa ngokuphunyezwa kokhetho olongezelelweyo lwemigaqo kunye nenkqubo yobhaliso;
Injini yokufumana uhlaselo iye yaphuculwa, imigaqo ihlaziyiwe, Isakhono sokubopha i-buffers kwimithetho (i-buffers esisigxina) yongezwa. Injini yokukhangela yeHyperscan iyabandakanyeka, ekuvumela ukuba usebenzise iipateni ezikhawulezayo nezichanekileyo ezichanekileyo ezisekwe kumabinzana aqhelekileyo kwimithetho yakho;
Imowudi entsha yokubhengeza yongezwa kwi-HTTP, kuthathelwa ingqalelo imeko yeseshoni kunye nokugubungela i-99% yeemeko ezixhaswe sisuti sovavanyo lwe-HTTP Evader. Ikhowudi iyaphuhliswa ukuxhasa i-HTTP / 2.
Ukusebenza kwendlela yokuhlola ipakethi enzulu inyuke kakhulu. Yongeze amandla okusetyenzwa kwepakethi emininzi, ivumela ukwenziwa ngaxeshanye kwemisonto emininzi ephethe iipakethi kunye nokubonelela ngokulingana komgama ngokusekwe kwinani leekhowudi zeCPU.
Indawo yokugcina yoqwalaselo kunye neetafile zezinto ezenziweyo, ekwabelwana ngazo kwiinkqubo ezahlukeneyo, ezenze ukuba kuncitshiswe ukusetyenziswa kwememori ngokuphelisa uphinda phindo lolwazi;
Ukongeza, i-nInkqubo yelog yomsitho entsha esebenzisa ifomathi yeJSON kwaye idityaniswa ngokulula namaqonga angaphandle anje nge-Elastic Stack.
Kwakhona utshintsho kuyilo lweemodyuli lubonakalisiwe, Ukubanakho ukwandisa ukusebenza ngokuqhagamshela iplagi-ngaphakathi kunye nokuphunyezwa kweenkqubo eziphambili zohlobo lwee-plug-ins ezinokubuyiselwa.
Okwangoku, i-Snort 3 sele iphumeze amakhulu eeplagi ezigubungela iinkalo ezahlukeneyo zesicelo, umzekelo, ukuvumela ukongeza ii-codecs zakho, iindlela zokungena ngaphakathi, iindlela zobhaliso, iintshukumo kunye nokukhetha kwimigaqo, ukongeza ekufumaneni okuzenzekelayo. Ukuqhuba iinkonzo, ukuphelisa isidingo sokuchaza ngesandla izibuko lenethiwekhi elisebenzayo.
Gqibela ukuba ufuna ukwazi ngakumbi ngayo okanye uzame le beta, ungakhangela iinkcukacha kwi ukulandela ikhonkco.