UPDATE SNORT V-2.9.4.1 - network intrusion detection and prevention system

Release Notes v-2.9.4.1: This release updates file processing for partial HTTP content and MIME attachments, adds the new configuration option max_attribute_services_per_host and improves memory usage within attribute tables, handles excessive overlaps in frag3, adds Stream API updates to return a session key for a session, reduces false positives for TCP window slam events, updates to provide better encoding for TCP packets generated for “respond and react”, and disables non-ethernet decoders by default (for performance reasons)

Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.

Features

Protocol analysis and content searching/matching
Uses a flexible rules language to describe traffic that it should collect or pass
Detection engine that utilizes a modular plug-in architecture
Real-time alerting capability
Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more