Random thoughts, tips & tricks about Slackware-Linux, Lego and Star Wars

Archive for the 'snort' Category

December 26th, 2010 by Niels Horn

December has been a busy month until now and probably will continue like this…
But today is Christmas, a good day to give some new packages to my visitors.
Recently version 1.6 of lbench was released, a benchmark utility.
And last week version 2.9.0.3 of snort, the Intrusion Detection software, and version 0.5 of daq, the [...]

November 20th, 2010 by Niels Horn

At the beginning of this month a new version of Snort was released - 2.9.0.1. The companion Data Acquisition library (daq) was also upgraded to version 0.3.
I updated my SlackBuilds and installed the new versions on my server. I waited a bit before releasing the packages as there had been some reports on a new "Unknown [...]

November 11th, 2010 by Niels Horn

After my post about the "Unknown record type 104" problem in Barnyard2, I received several e-mails recently about a new error that started popping up:
ERROR: Unknown record type read: 110
I had not seen this one myself, but did some quick investigating and found out that it is a new record type in Snort 2.9.0.
This new [...]

October 10th, 2010 by Niels Horn

A few days ago Snort 2.9.0 was released. The official announcement can be read here.
This new version brings some essential changes to Snort that needed special attention.
New dependencies
libdnet is a "simplified, portable interface to several low-level networking routines" and has a SlackBuild on SlackBuilds.org.
daq is a new "Data Acquisition library" that can use several [...]

September 23rd, 2010 by Niels Horn

Introduction
I have set up Snort a few times on a network to check for possible intrusion attempts. It is a very powerful tool to discover these attempts, based on rules that are frequently updated. Snort is a so-called "Intrusion Detection System" (IDS) that can also be set up as an "Intrusion Prevention System".
Recently I needed Snort [...]

September 19th, 2010 by Niels Horn

Snort is an "Intrusion Detection and Prevention System", or - in other words - a program that can detect attempts to attack your network and prevent them. It does this through a series of "rules" that try to detect if the traffic arriving / passing through is legitimate or suspicious.
These rules are regularly updated (as [...]