October 11, 2002

Snort 2.0 released

An anonymous coward writes: "Snort 2.0 has been reengineered to use a new HTTP Protocol Flow Analyzer and Detection Engine. The Flow Analyzer optimizes data flow by reducing unnecessary data inspections while the Detection Engine uses a fast set-based rule selection methodology and a high performance multi-pattern search engine. The multi-pattern search engine uses a two-stage architecture to inspect data and find rule matches. The first stage of the multi-pattern search engine is a high-speed set-based inspection engine, which quickly identifies potential rule matches based on content and ports. The second stage is an enhanced rule processing engine, which provides additional functionality for in-depth validation of potential rule matches. Together, these enhancements greatly improve the performance and efficiency of Snort and help to reduce false alarms."

Link: Sourcefire.com


  • Open Source
Click Here!