Snort 3 arrives with a complete redesign and these new features

After seven years of development, Cisco has released the first stable version of the completely redesigned Snort 3 intrusion prevention system. Besides simplifying the configuration and startup of Snort, the new version makes it possible to automate configuration, simplifies the rule language, automatically detects all supported protocols, provides a shell for command-line control, and uses multithreading in which different handlers share access to a single configuration, among other changes.

For those unfamiliar with Snort: it can analyze traffic in real time, respond to detected malicious activity, and keep a detailed packet log for later incident analysis.

The Snort 3 branch, also known as the Snort++ project, completely rethinks the concept and architecture of the product.

Work on Snort 3 began in 2005 but was soon abandoned, and it resumed in 2013 after Cisco took over the project.

Main new features of Snort 3

In the new version, Snort 3 has moved to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process the configuration files, and LuaJIT-based plugins provide additional options for rules and a logging system.

Another notable change is that the attack detection engine has been modernized: the rules have been updated, the ability to bind buffers in rules (sticky buffers) has been added, and the Hyperscan search engine is now used, which makes it possible to match patterns based on regular expressions in rules faster and more accurately.

In addition, Snort 3 adds a new HTTP introspection mode that is session-aware and covers 99% of the cases supported by the HTTP Evader test suite, as well as an additional inspection system for HTTP/2 traffic.

The performance of the deep packet inspection mode has been significantly improved. Multithreaded packet processing has been added, which allows multiple threads with packet handlers to run simultaneously and provides linear scalability based on the number of CPU cores.

A common store for configuration tables and attributes has been implemented. It is shared between different subsystems, which significantly reduces memory consumption by eliminating duplicated information.

Also worth highlighting is the move to a modular architecture, with the ability to extend functionality through plugins and the implementation of key subsystems as replaceable plugins.

There are currently more than 200 plugins for Snort 3, covering a variety of uses, such as letting you add your own codecs, inspection modes, logging methods, actions, and rule options.

Other notable changes in the new version:

  • Added support for files that quickly override settings relative to the default settings.
  • Use of snort_config.lua and SNORT_LUA_PATH has been discontinued to simplify configuration.
  • Added support for reloading settings on the fly.
  • A new event system that uses the JSON format and integrates easily with external platforms such as the Elastic Stack.
  • Automatic detection of running services, which eliminates the need to manually specify the active network ports.
  • The code can now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14).
  • A new VXLAN handler has been added.
  • Improved search of content types by content, using updated alternative implementations of the Boyer-Moore and Hyperscan algorithms.
  • Faster startup by using multiple threads to compile rule groups.
  • Added a new logging mechanism.
  • Added the RNA (Real-time Network Awareness) inspection system, which collects information about the resources, hosts, applications, and services available on the network.
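
The JSON event output mentioned in the list above is what makes shipping alerts to the Elastic Stack straightforward. The following is an added example, not code from the original article or from the Snort project, that turns alert lines into an Elasticsearch bulk payload. It assumes the year-less `MM/DD-HH:MM:SS.ffffff` timestamp of Snort's JSON alerts; the sample lines, the field selection, the index name `snort-alerts` and the UTC time zone are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample input in the shape of Snort 3 JSON alert lines; the
# fields present in real output depend on the logger's configuration.
SAMPLE_LINES = [
    '{ "timestamp" : "01/19-14:03:27.512004", "proto" : "TCP", '
    '"src_addr" : "192.0.2.10", "dst_addr" : "198.51.100.7", "gid" : 1, '
    '"sid" : 1000001, "rev" : 1, "priority" : 2, "msg" : "constructed rule" }',
    'truncated or non-JSON line',
    '{ "timestamp" : "bad-stamp", "gid" : 1, "sid" : 1000002, "rev" : 1 }',
]


def to_iso(snort_ts, year):
    """Convert MM/DD-HH:MM:SS.ffffff (no year, no zone) to ISO 8601.

    The year is parsed together with the date so that 02/29 is accepted in
    leap years. UTC is an assumption; use the sensor's real time zone.
    """
    parsed = datetime.strptime(f"{year}/{snort_ts}", "%Y/%m/%d-%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc).isoformat()


def to_bulk(lines, year, index="snort-alerts"):
    """Return (bulk_ndjson, rejected_lines) for the Elasticsearch bulk API."""
    out, rejected = [], []
    for line in lines:
        try:
            event = json.loads(line)
            event["@timestamp"] = to_iso(event.pop("timestamp"), year)
        except (ValueError, KeyError, TypeError, AttributeError):
            rejected.append(line)  # keep bad lines for review, never drop silently
            continue
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(event, sort_keys=True))
    # The bulk body is newline-delimited JSON and must end with a newline.
    return ("\n".join(out) + "\n" if out else ""), rejected


if __name__ == "__main__":
    bulk, rejected = to_bulk(SAMPLE_LINES, year=2021)
    print(bulk, end="")
    print(f"rejected {len(rejected)} line(s)")
```

Because the alert timestamp carries no year, the caller has to supply it (for example from the log file's rotation date); a rising count of rejected lines is itself worth alerting on, since it means events are not reaching the index.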

Finally, if you want to know more about the new version, you can check the details at the following link.
