After a few months, the Snort 3 RC has finally been released.

A few months ago we shared here on the blog the news of the release of the Snort 3 beta, and a few days ago the RC version of this new branch of the application became available.

Cisco has announced the release candidate of the Snort 3 intrusion prevention system (also known as the Snort++ project), which has been in development since 2005. A stable version is planned for release within a month.

Snort 3 also rethinks the product concept and redesigns the architecture. Among the key areas of improvement in Snort 3: simplifying the configuration and deployment of Snort, automating configuration, simplifying the rule-writing language, automatically detecting all protocols, providing a command-line control shell, and making active use of multithreading.

Snort has an attack database that is continuously updated over the Internet. Users can write signatures based on the characteristics of new network attacks and submit them to the Snort signature mailing list; this community ethic of sharing has made Snort one of the most popular, up-to-date and widely used network IDS. Multithreading is robust, with shared access to the various handlers within a single configuration.

What has changed in the RC?

A switch has been made to a new configuration system, which offers a simplified syntax and allows scripts to be used to generate dynamic configurations. LuaJIT is used to process the configuration files. LuaJIT-based plugins with additional rule options and a logging system are provided.

The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes the application of regular-expression-based patterns in rules faster and more accurate.

A new session-aware HTTP inspection mode has been added that covers 99% of the cases supported by the HTTP Evader test suite. An inspection system for HTTP/2 traffic has been added.

The performance of the deep packet inspection mode has been improved significantly. Multithreaded packet processing has been added, allowing several packet-handling threads to run simultaneously and providing scalability based on the number of CPU cores.

A common store for configuration and attribute tables is used, shared across the different subsystems, which has made it possible to reduce memory consumption considerably by eliminating duplicated information.

A new event logging system uses the JSON format and integrates easily with external platforms such as the Elastic Stack.
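The JSON event output described above is what makes integration with a platform such as the Elastic Stack straightforward. As an added example that is not from the original post or the Snort project, the following Python flattens a few constructed alert_json lines into indexable records and summarises them by rule and source host, skipping a partially written line; the field names are an assumption about the alert_json plugin's default field set.

```python
import json
from collections import Counter

# Constructed sample of Snort 3 alert_json output, one JSON object per line.
# Field names follow the alert_json plugin's default field set (an assumption
# about the format); addresses, rules and the truncated last line are made up.
SAMPLE_ALERTS = """\
{"timestamp":"04/27-10:15:01.123456","pkt_num":11,"proto":"TCP","pkt_gen":"raw","pkt_len":74,"dir":"C2S","src_ap":"10.0.0.5:51234","dst_ap":"10.0.0.10:80","rule":"1:1000001:2","action":"allow"}
{"timestamp":"04/27-10:15:02.223456","pkt_num":12,"proto":"TCP","pkt_gen":"raw","pkt_len":74,"dir":"C2S","src_ap":"10.0.0.5:51235","dst_ap":"10.0.0.10:80","rule":"1:1000001:2","action":"allow"}
{"timestamp":"04/27-10:15:03.323456","pkt_num":13,"proto":"TCP","pkt_gen":"raw","pkt_len":60,"dir":"C2S","src_ap":"10.0.0.7:40000","dst_ap":"10.0.0.10:443","rule":"1:2000123:1","action":"block"}
{"timestamp":"04/27-10:15:04.423456","pkt_num":14,"proto":"UDP","pkt_gen":"raw","pkt_len":90,"dir":"C2S","src_ap":"2001:db8::1:5000","dst_ap":"2001:db8::10:53","rule":"1:2000124:1","action":"allow"}
{"timestamp":"04/27-10:15:05.523456","pkt_num":15,"src_ap":"10.0.0.9:1
"""

def _split_ap(ap):
    """Split 'address:port'; rsplit keeps IPv6 addresses intact."""
    addr, port = ap.rsplit(":", 1)
    return addr, int(port)

def parse_alert_line(line):
    """Flatten one alert_json line into an indexable record: gid/sid/rev and
    address/port become separate fields. Returns None for a malformed line."""
    try:
        rec = json.loads(line)
        rec["gid"], rec["sid"], rec["rev"] = (int(x) for x in rec["rule"].split(":"))
        rec["src_ip"], rec["src_port"] = _split_ap(rec["src_ap"])
        rec["dst_ip"], rec["dst_port"] = _split_ap(rec["dst_ap"])
        return rec
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def summarize(lines):
    """Count alerts per rule and per source host, how many were blocked, and
    how many lines could not be parsed (e.g. a line still being written)."""
    by_rule, by_src = Counter(), Counter()
    blocked = malformed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_alert_line(line)
        if rec is None:
            malformed += 1
            continue
        by_rule[rec["rule"]] += 1
        by_src[rec["src_ip"]] += 1
        blocked += rec.get("action") == "block"
    return {"by_rule": by_rule, "by_src": by_src,
            "blocked": blocked, "malformed": malformed}
```

The malformed count is worth watching in practice: a shipper that tails the log while Snort is still writing a line will see exactly this kind of truncated record.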

The move to a modular architecture brings the ability to extend functionality by connecting plug-ins and implements key subsystems as replaceable plug-ins. Several hundred plugins have already been prepared for Snort 3, covering various areas of the application, for example allowing you to add your own codecs, inspection modes, logging methods, actions and rule options.

Among the other notable changes:

  • Automatic detection of running services, removing the need to manually specify the active network ports.
  • Support for a file for quickly overriding settings relative to the default settings has been added. The use of snort_config.lua and SNORT_LUA_PATH has been discontinued to simplify configuration. Support for reloading settings on the fly has been added;
  • The code may use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14).
  • A new VXLAN handler has been added.
  • Improved content search using alternative, updated implementations of the Boyer-Moore and Hyperscan algorithms.
  • Faster startup through the use of multiple threads to compile rule groups;
  • A new logging method has been added.
  • The RNA (Real-time Network Awareness) inspection system has been added, which collects information about the resources, hosts, applications and services present on the network.

Source: https://blog.snort.org
