Posted over 9 years ago by Victor Julien
The OISF development team is proud to announce Suricata 2.1beta4. This is the fourth beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta4.tar.gz
New Features
Feature #1448: xbits support
Feature #336: Add support for NETMAP to Suricata
Feature #885: smtp file_data support
Feature #1394: Improve TCP reuse support
Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE
Feature #1447: Ability to reject ICMP traffic
Feature #1410: add alerts to EVE’s drop logs
Improvements
Optimization #1014: app layer reassembly fast-path
Optimization #1377: flow manager: reduce (try)locking
Optimization #1403: autofp packet pool performance problems
Optimization #1409: http pipeline support for stateful detection
Bug #1314: http-events performance issues
Bugs
Bug #1340: null ptr dereference in Suricata v2.1beta2
Bug #1352: file list is not cleaned up
Bug #1358: Gradual memory leak using reload (kill -USR2 $pid)
Bug #1366: Crash if default_packet_size is below 32 bytes
Bug #1378: stats api doesn’t call thread deinit funcs
Bug #1384: tcp midstream window issue (master)
Bug #1388: pcap-file hangs on systems w/o atomics support (master)
Bug #1392: http uri parsing issue (master)
Bug #1393: CentOS 5.11 build failures
Bug #1398: DCERPC traffic parsing issue (master)
Bug #1401: inverted matching on incomplete session
Bug #1402: When re-opening files on HUP (rotation) always use the append flag.
Bug #1417: no rules loaded – latest git – rev e250040
Bug #1425: dead lock in de_state vs flowints/flowvars
Bug #1426: Files prematurely truncated by detection engine even though force-md5 is enabled
Bug #1429: stream: last_ack update issue leading to stream gaps
Bug #1435: EVE-Log alert payload option loses data
Bug #1441: Local timestamps in json events
Bug #1446: Unit ID check in Modbus packet error
Bug #1449: smtp parsing issue
Bug #1451: Fix list-keywords regressions
Bug #1463: modbus parsing issue
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Kostya Kortchinsky of the Google Security Team
the Yahoo Pentest Team
Giuseppe Longo
Alexander Gozman
Ken Steele
Andreas Moe
David Diallo
David Cannings
David Maciejak
Pierre Chifflier
Tom DeCanio
Zachary Rasmor
Aleksey Katargin
FireEye
ANSSI
Emerging Threats
AFL project
Coverity Scan
Travis Green
Darien Huss
Greg Siemon
Alessandro Guido
Antti Tönkyrä
Ray Ruvinskiy
Eduardo Arada
Michael Rash
Known issues & missing features
In a beta release like this, things may not be as polished yet, so please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please see the list we have included of known items we are working on. See issues for an up-to-date list and to report new issues. See Known_issues for a discussion and timeline for the major issues.
Training & Support
Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see http://suricata-ids.org/training/
For support options also see http://suricata-ids.org/support/
About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by Victor Julien
The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of important issues in the 2.0 series.
The most important issue is a bug in the DER parser, which is used to decode SSL/TLS certificates, that could crash Suricata. This issue was reported by Kostya Kortchinsky of the Google Security Team and was fixed by Pierre Chifflier of ANSSI.
Those processing large numbers of (untrusted) pcap files need to update as a malformed pcap could crash Suricata. Again, credits go to Kostya Kortchinsky.
A number of other issues were fixed. Upgrading is highly recommended.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz
We have a new release key (the previous one expired): http://www.openinfosecfoundation.org/download/OISF.pub (00C1B70D)
Changes
Bug #1450: tls parsing issue
Bug #1460: pcap parsing issue
Bug #1461: potential deadlock
Bug #1404: Alert-Debuglog not being rotated on SIGHUP
Bug #1420: inverted matching on incomplete session
Bug #1462: various issues in rule and yaml parsing
Security
The TLS/DER parsing issue has CVE-2015-0971 assigned to it.
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Kostya Kortchinsky of the Google Security Team
Pierre Chifflier of ANSSI
Sundar Jeyaraman of FireEye
Darien Huss — Emerging Threats
Alexander Gozman
AFL project
Coverity Scan
Known issues & missing features
If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please see the list we have included of known items we are working on. See issues for an up-to-date list and to report new issues. See Known_issues for a discussion and timeline for the major issues.
Posted over 9 years ago by Victor Julien
The Open Information Security Foundation (OISF) is conducting its annual online elections to fill 7 positions on the OISF board of directors. Board members serve a two year term; therefore, current board members along with new nominees are included on this year's ballot.
The upcoming OISF board will consist of 10 board members in total: 7 elected directors, President of OISF, Matt Jonkman, General Manager of OISF, Kelley Misata, and Suricata's Founder and Lead Developer, Victor Julien.
Each nominee has provided a brief summary highlighting their industry experience and their passion for OISF; please take a minute to read about each of our distinguished nominees and to cast your votes NOW!
Simply follow this link: https://www.surveymonkey.com/s/Z2L6GXZ
Polls will close Wednesday, April 15, 2015 with the new OISF Board announced on Thursday, April 16, 2015.
Best of luck, and thanks go out to all of our nominees! Questions regarding elections can be sent to [email protected].
Thank you,
The OISF Team
Posted almost 10 years ago by Victor Julien
The Open Information Security Foundation is preparing to hold the biennial (every two years) Board of Directors elections and is putting out a call for nominations. We anticipate the next several years to be both exciting and critical for OISF and Suricata; therefore, we are looking for candidates passionate about security and open source communities who are willing to serve as advisors on our board of directors. Your voice has a direct impact on the future of OISF and Suricata - join us! The call for nominations begins today and runs until March 31, 2015.
Online elections will begin April 1, 2015.
Please consider joining our Board of Directors or nominating someone else who would be a great asset. To help you decide, below are answers to some common questions:
1. As an OISF board member what will I be asked to do?
Meetings: The OISF Board of Directors meets quarterly to review foundation activities, upcoming events, financial status and strategic objectives. Meetings are held via conference call and pre-scheduled to respect the busy schedules of our board members. Additionally, we host annual OISF User Conferences in locations around the world with the objectives of building Suricata's development roadmap, showing appreciation for OISF's consortium members, and growing the community. We would hope that board members make every effort to attend this important event. Our 2015 OISF User Conference is currently being planned for early November in Barcelona, Spain.
Advocacy: Board members will be asked to actively promote OISF, Suricata, and our events throughout the year. OISF and Suricata exist because of the commitment of our community and we look to our board members to actively help us grow our presence in the world.
Expert Advice: Board members are expected to actively provide the expertise, advice and professional connections necessary to help OISF make great strides both technologically and in growing the community.
2. How large is the OISF board?
The OISF board currently consists of 6 members from the community, led by Matt Jonkman, Kelley Misata, and Victor Julien of OISF. We will be expanding our board to 7 members serving a 2 year term.
3. What is in it for me if I become an OISF board member?
As a board member you will have the opportunity to steer an innovative and cutting-edge open source technology, to be an integral part of the decision-making process for OISF, and to have priority status at all OISF and Suricata related public or private events. Board members will be publicly acknowledged at OISF or Suricata related events and added to the OISF website, spotlighting their professional bios. Depending on OISF's financial capacity we are hoping to offer board members partial travel reimbursement to attend the annual OISF User Conferences - this is not guaranteed, but something we are hoping to be able to offer our board members.
4. I'm interested in nominating myself or someone I know - how do I do it?
It's simple - submit your name, the name of your employer and a brief statement outlining your experience and reasons for running for the OISF board to [email protected] by 5 pm EST on Tuesday, March 31, 2015. Please note, the information provided in the nomination will be included on the PUBLIC election ballots, so please be brief.
Elections will begin Wednesday, April 1st and conclude on Wednesday, April 15th. The OISF Board Members will then be announced on Thursday, April 16th.
If you have any questions please do not hesitate to reach out to us directly at [email protected] OR reply to the list to start a conversation with the community about this process.
Thank you,
The OISF Team
Posted almost 10 years ago by Victor Julien
The OISF development team is pleased to announce Suricata 2.0.7. This release fixes a number of important issues in the 2.0 series.
There are two major issues. The first was brought to our attention by the Yahoo Pentest Team. It’s a parsing issue in the DCERPC parser that can happen when Suricata runs out of memory. The exact scope of the problem isn’t clear, but it could certainly lead to crashes. RCE might theoretically be possible but looks like it’s very hard.
The second issue was reported by Darien Huss of Emerging Threats. This is technically a libhtp issue, but it affects Suricata detection and logging. Certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for ‘http_uri’ and to incomplete logging of the URI. Libhtp 0.5.17 has been released to address this and is bundled in 2.0.7.
Other than that, there are a bunch of improvements and fixes. It should work again on CentOS 5. Midstream TCP was improved and some performance optimizations for HTTP proxy traffic were made.
Upgrading is highly recommended.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.7.tar.gz
Changes
Bug #1385: DCERPC traffic parsing issue
Bug #1391: http uri parsing issue
Bug #1383: tcp midstream window issue
Bug #1318: A thread-sync issue in streamTCP
Bug #1375: Regressions in list keywords option
Bug #1387: pcap-file hangs on systems w/o atomics support
Bug #1395: dump-counters unix socket command failure
Optimization #1376: file list is not cleaned up
Security
The DCERPC parsing issue has CVE-2015-0928 assigned to it.
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
The Yahoo Pentest Team
Darien Huss — Emerging Threats
FireEye
Dennis Lee
Posted almost 10 years ago by Victor Julien
The OISF development team is proud to announce Suricata 2.1beta3. This is the third beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta3.tar.gz
New Features
Feature #1309: Lua support for Stats output
Feature #1310: Modbus parsing and matching
Improvements
Optimization #1339: flow timeout optimization
Optimization #1371: mpm optimization
Feature #1317: Lua: Indicator for end of flow
Feature #1333: unix-socket: allow (easier) non-root usage
Feature #1261: Request for Additional Lua Capabilities
Bugs
Bug #977: WARNING on empty rules file is fatal (should not be)
Bug #1184: pfring: cppcheck warnings
Bug #1321: Flow memuse bookkeeping error
Bug #1327: pcre pkt/flowvar capture broken for non-relative matches (master)
Bug #1332: cppcheck: ioctl
Bug #1336: modbus: CID 1257762: Logically dead code (DEADCODE)
Bug #1351: output-json: duplicate logging (2.1.x)
Bug #1354: coredumps on quitting on OpenBSD
Bug #1355: Bus error when reading pcap-file on OpenBSD
Bug #1363: Suricata does not compile on OS X/Clang due to redefinition of string functions (2.1.x)
Bug #1365: evasion issues (2.1.x)
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Ken Steele — Tilera/EZchip
David Diallo
Duarte Silva
Giuseppe Longo
Jason Ish
Travis Green — Emerging Threats
Posted almost 10 years ago by Victor Julien
The OISF development team is pleased to announce Suricata 2.0.6. This release fixes a number of important issues in the 2.0 series. The most important part is the fixing of evasion issues, therefore upgrading is highly recommended!
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.6.tar.gz
Changes
Bug #1364: evasion issues
Bug #1337: output-json: duplicate logging
Bug #1325: tls detection leads to tcp stream reassembly sequence gaps (IPS)
Bug #1192: Suricata does not compile on OS X/Clang due to redefinition of string functions
Bug #1183: pcap: cppcheck warning
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Martin Küchler
Posted about 10 years ago by Victor Julien
The OISF development team is pleased to announce Suricata 2.0.5. This release fixes a number of important issues in the 2.0 series.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.5.tar.gz
Changes
Bug #1190: http_header keyword not matching when SYN|ACK and ACK missing
Bug #1246: EVE output Unix domain socket not working
Bug #1272: Segfault in libhtp 0.5.15
Bug #1298: Filestore keyword parsing issue
Bug #1303: improve stream ‘bad window update’ detection
Bug #1304: improve stream handling of bad SACK values
Bug #1305: fix tcp session reuse for ssh/ssl sessions
Bug #1307: byte_extract, within combination not working
Bug #1326: pcre pkt/flowvar capture broken for non-relative matches
Bug #1329: Invalid rule being processed and loaded
Bug #1330: Flow memuse bookkeeping error (2.0.x)
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Jason Ish — Endace/Emulex
Ken Steele — Tilera
lessyv
Tom DeCanio — FireEye
Andreas Herz
Matt Carothers
Duane Howard
Edward Fjellskål
Giuseppe Longo
Posted about 10 years ago by Victor Julien
The OISF development team is proud to announce Suricata 2.1beta2. This is the second beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.
Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta2.tar.gz
New Features
Feature #549: Extract file attachments from emails
Feature #1312: Lua output support
Feature #899: MPLS over Ethernet support
Feature #383: Stream logging
Improvements
Feature #1263: Lua: Access to Stream Payloads
Feature #1264: Lua: access to TCP quad / Flow Tuple
Feature #707: ip reputation files – network range inclusion availability (cidr)
Bugs
Bug #1048: PF_RING/DNA config – suricata.yaml
Bug #1230: byte_extract, within combination not working
Bug #1257: Flow switch is missing from the eve-log section in suricata.yaml
Bug #1259: AF_PACKET IPS is broken in 2.1beta1
Bug #1260: flow logging at shutdown broken
Bug #1279: BUG: NULL pointer dereference when suricata was debug mode.
Bug #1280: BUG: IPv6 address vars issue
Bug #1285: Lua – http.request_line not working (2.1)
Bug #1287: Lua Output has dependency on eve-log:http
Bug #1288: Filestore keyword in wrong place will cause entire rule not to trigger
Bug #1294: Configure doesn’t use –with-libpcap-libraries when testing PF_RING library
Bug #1301: suricata yaml – PF_RING load balance per hash option
Bug #1308: http_header keyword not matching when SYN|ACK and ACK missing (master)
Bug #1311: EVE output Unix domain socket not working (2.1)
Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Tom Decanio — FireEye
Ken Steele — Tilera
Giuseppe Longo — Emerging Threats & Ntop
David Abarbanel — BAE Systems
Jason Ish — Endace/Emulex
Mats Klepsland
Duarte Silva
Bill Meeks
Anoop Saldanha
lessyv
Posted about 10 years ago by Victor Julien
The OISF team is proud to announce the start of the Suricata training program. In this program, we’ll be delivering 1 and 2 day user trainings for Suricata. Some of the topics that will be covered over the course of the 2 days include:
Compiling, Installing, and Configuring Suricata
Performance Factors, Rules and Rulesets
Capture Methods and Performance
Event / Data Outputs and Capture Hardware
Troubleshooting Common Problems
Advanced Tuning
Integration with Other Tools
This dynamic, hands-on, 2 day Suricata training will be delivered by the OISF development and support team. So apart from the great content on how to install, use and troubleshoot Suricata, you will also have the great opportunity to talk in-depth about Suricata with its creators.
Proceeds of the trainings go straight into supporting Suricata’s development, so not only will you learn a great deal, you’ll actually be supporting Suricata’s development by taking this training.
We’re kicking off with 3 training sessions in Europe in the last quarter of 2014. For early 2015, we’re planning to do a number of US trainings. Keep an eye on this space for updates. Also, dedicated on-site training options are available.
Amsterdam, October 13 and 14: 2 day training
This training session will take place on October 13 and 14 in downtown Amsterdam. It will be given by Suricata lead developer Victor Julien, and OISF president and Emerging Threats CTO Matt Jonkman. Also in the room: master rule writer William Metcalf. You can register through eventbrite here: https://www.eventbrite.com/e/suricata-training-event-tickets-13264631871
This event is generously hosted by our friends from Intelworks.
Luxembourg, October 20: 1 day workshop
This workshop will take place on October 20 in the conference hotel of the excellent Hack.lu conference. It will be given by Suricata lead developer Victor Julien, Suricata developer Eric Leblond and Suricata expert Peter Manev. This event is generously hosted by our friends from Hack.lu. You can register through eventbrite here: https://www.eventbrite.com/e/suricata-workshop-hacklu-tickets-13329929177
A registration / ticket for the Hack.lu conference is NOT required for this event. Of course, we do highly recommend the conference!
DeepSec - Vienna, November 18 and 19: 2 day training event
This training session will take place on November 18 and 19 at the DeepSec conference. It will be given by Victor Julien, Eric Leblond, Peter Manev and Matt Jonkman. The event is part of the DeepSec conference, so registrations/bookings go through: https://deepsec.net/register.html
See also http://blog.deepsec.net/?p=1893
Trainings are tracked on their own page here: http://suricata-ids.org/training/. For questions or more info, please contact us at [email protected]!