Final beta release of the Snort 3 intrusion detection system

Cisco has presented the final beta version of the completely redesigned Snort 3 attack prevention system, also known as the Snort++ project, which has been in development on and off since 2005. A release candidate is planned for publication by the end of this year.

In the new branch, the product concept has been completely rethought and the architecture redesigned. The areas emphasized in preparing the new branch include simpler setup and launch of Snort, automated configuration, a simplified language for writing rules, automatic detection of all protocols, a shell for control from the command line, and active use of multithreading with shared access by different handlers to a single configuration.

The following major innovations have been implemented:

  • A transition has been made to a new configuration system that offers a simplified syntax and allows scripts to be used to generate settings dynamically. LuaJIT is used to process configuration files. LuaJIT-based plugins are provided that implement additional options for rules and a logging system;
  • The attack detection engine has been modernized, the rules have been updated, and the ability to bind buffers in rules (sticky buffers) has been added. The Hyperscan search engine is used, which makes it possible to use faster and more accurately triggered patterns based on regular expressions in rules;
  • A new introspection mode for HTTP has been added that takes session state into account and covers 99% of the situations supported by the HTTP Evader test suite. Code to support HTTP/2 is under development;
  • The performance of deep packet inspection mode has been significantly improved. Multithreaded packet processing has been added, allowing several threads with packet processors to run simultaneously and providing linear scaling with the number of CPU cores;
  • A common configuration store and attribute table have been implemented, shared among the different subsystems, which significantly reduces memory consumption by eliminating duplicated data;
  • A new event logging system that uses the JSON format and integrates easily with external platforms such as the Elastic Stack;
  • A transition to a modular architecture, with the ability to extend functionality by connecting plugins and with key subsystems implemented as replaceable plugins. Several hundred plugins have already been implemented for Snort 3, covering various areas of application, for example allowing you to add your own codecs, introspection modes, logging methods, actions and options in rules;
  • Automatic detection of running services, eliminating the need to specify active network ports manually.

Changes compared to the last test release, published in 2018:

  • Added support for files that quickly override settings relative to the default configuration;
  • The code may now use C++ constructs defined in the C++14 standard (building requires a compiler that supports C++14);
  • A new VXLAN handler has been added;
  • Improved search for content types by content, using updated alternative implementations of the Boyer-Moore and Hyperscan algorithms;
  • The HTTP/2 traffic inspection system has been brought almost to full readiness;
  • Startup has been accelerated by using multiple threads to compile rule groups;
  • A new logging mechanism has been added;
  • Improved detection of Lua errors and optimized whitelists;
  • Changes have been made to allow settings to be reloaded on the fly;
  • Added the RNA (Real-time Network Awareness) inspection system, which collects information about the resources, hosts, applications and services available on the network;
  • To simplify configuration, snort_config.lua and SNORT_LUA_PATH are no longer used.

source: budenet.ru
