I-Los Abathuthukisi beCisco bakhiphe inguqulo yokugcina ye-beta uhlelo lokuvikela ukungena ngaphakathi "Snor 3" okuyinto yakhiwa kabusha ngokuphelele, ngoba ngale nguqulo entsha onjiniyela basebenze kumqondo womkhiqizo ngokuphelele futhi izakhiwo zakhiwa kabusha.
Phakathi kwezindawo ezagcizelelwa Ngesikhathi sokulungiswa kwenguqulo entsha, uzothola i- ukusethwa okwenziwe lula nokwethulwa wohlelo, ukumisa okuzenzakalelayo, ukwenziwa lula kolimi lokwakhiwa komthetho, i- ukuthola okuzenzakalelayo kwazo zonke izivumelwano, ukuhlinzekwa kwegobolondo lokuphathwa komugqa womyalo, ukusetshenziswa okusebenzayo kokufundwa kwamanani amaningi ngokufinyelela okuhlangene kwabaphathi abahlukahlukene ukumiswa okukodwa.
Mayelana Snort
Kulabo abangazi ngeSnort, kufanele wazi ukuthi eLolu uhlelo lokuthola ukungena kwenethiwekhi, mahhala futhi mahhala. Inikeza amandla okugcina izingodo kumafayili wombhalo nakwizizinda zolwazi open, njenge-MySQL. Isebenzisa injini yokutholwa kokuhlasela kanye nokuskenwa kwetheku okuvumela ukubhalisa, ukuxwayisa nokuphendula kunoma yikuphi ukungafani okuchazwe ngaphambilini.
Ngesikhathi sokufakwa kwayo, inikeza amakhulukhulu ezihlungi noma imithetho ye-backdoor, DDoS, umunwe, i-FTP, ukuhlaselwa kwewebhu, i-CGI, i-Nmap, phakathi kwabanye.
Ingasebenza njenge-sniffer ne-log pack. Lapho iphakethe lifana nephethini esungulwe kumithetho yokumisa, lingena ngemvume. Nakhu ukuthi wazi kanjani ukuthi kwenzeka nini, kuphi futhi kanjani.
USnort une-database yokuhlaselwa evuselelwa njalo nge-inthanethi. Abasebenzisi bangakha amasiginesha ngokususelwa kuzici zokuhlaselwa kwenethiwekhi okusha bese bekuhambisa ohlwini lwamakheli lwe-Snort's signature, le ndlela yokuziphatha yomphakathi nokwabelana yenze iSnort yaba enye ye-IDS edume kakhulu, esesikhathini, futhi ethandwa kakhulu kunethiwekhi. ngamandla.
Snor 3 okuvelele kokugcina kwe-beta
Kule beta yokugcina, uSnort wethula inguquko kusistimu entsha yokumisa leyo inikeza i-syntax eyenziwe lula futhi ivumela ukusetshenziswa kwemibhalo yokwakheka kokumiswa okunamandla. I-LuaJIT isetshenziselwa ukucubungula amafayela wokumisa. Ama-plugins asuselwa ku-LuaJIT anikezwa ngokuqalisa kokunye okukhethwa kukho kwemithetho nohlelo lokubhalisa;
Injini yokuthola ukuhlaselwa yenziwe yaba yesimanje, imithetho ivuselelwe, Kungezwe amandla okubopha ama-buffers emithethweni (ama-fixed buffers). Injini yokusesha ye-Hyperscan iyabandakanyeka, ikuvumela ukuthi usebenzise amaphethini ashukumisayo asheshe futhi anembe kakhulu asuselwa kuzisho ezivamile emithethweni yakho;
Imodi entsha yokuzazisa ingezwe nge-HTTP, kucatshangelwa isimo seseshini nokumboza ama-99% wezimo ezisekelwa yi-suite ye-HTTP Evader test. Ikhodi iyakhiwa ukuxhasa i-HTTP / 2.
Ukusebenza kwemodi yokuhlola iphakethe ejulile kukhuphuke kakhulu. Amandla wokucubungula amaphakethe amaningi afakiwe, enika amandla ukwenziwa ngasikhathi sinye kwemicu eminingi eneziphathi zamaphakethe nokuhlinzeka ngokulingana okulinganayo okususelwa kwinani lama-CPU cores.
Inqolobane evamile yokucushwa namatafula wemfanelo sekuqalisiwe, okwabiwa kumasistimu ahlukene, okwenze ukuthi kunciphise kakhulu ukusetshenziswa kwememori ngokuqeda ukuphindaphindwa kolwazi;
Ngaphezu kwalokho, i-nUhlelo lokungena lomcimbi olusha olusebenzisa ifomethi ye-JSON futhi ihlangana kalula namapulatifomu angaphandle afana ne-Elastic Stack.
Futhi ukugqanyiselwa ekwakhiweni kwe-modular kugqanyisiwe, ikhono lokwelula ukusebenza ngokuxhumeka kwe-plug-in kanye nokuqaliswa kwezinsiza ezingukhiye ngendlela yama-plug-ins angashintshwa.
Njengamanje, i-Snort 3 isivele isebenzise ama-plugins angamakhulu amaningana amboza imikhakha ehlukahlukene yohlelo lokusebenza, ngokwesibonelo, ikuvumela ukuthi ungeze ama-codec akho, izindlela zokuhlola, izindlela zokubhalisa, izenzo kanye nezinketho emithethweni, ngaphezu kokutholwa okuzenzakalelayo. Amasevisi asebenzayo, ukuqeda isidingo sokucacisa ngesandla amachweba wenethiwekhi asebenzayo.
Okokugcina uma ufuna ukwazi kabanzi ngayo noma zama le beta, ungabheka imininingwane ku isixhumanisi esilandelayo.