Suricata 8.0 intrusion detection system released

After two years of development, the Open Information Security Foundation (OISF) has released version 8.0 of the Suricata network intrusion detection and prevention system, which provides tools for inspecting various types of traffic. Suricata's configuration supports the signature database maintained by the Snort project, as well as the Emerging Threats and Emerging Threats Pro rule sets. The project's source code is distributed under the GPLv2 license.

Major changes:

  • An experimental capability to use Suricata as a firewall has been added. Firewall mode allows a dialect of the traffic inspection rule language to be used for filtering network packets.
  • Lua scripting support has been reworked. The Lua 5.4 interpreter is now bundled into the code base and runs in a sandboxed environment that restricts Lua rules (for example, rules cannot write files or open network sockets).
  • Plugins providing protocol parsers, detectors, and output modules can now be registered dynamically (at runtime).
  • Significant performance optimizations have been implemented, speeding up various parts of the engine, including protocol detection, rule loading, and startup. These improvements were achieved through branch prediction, hash function optimization, larger PCAP buffer sizes, and reworked flow synchronization. Suricata's startup time has also been reduced through caching, expanded port merging, and an improved IP address replacement algorithm.
  • The LibHTP, FTP, and ENIP parsers, as well as the code for parsing MIME types, byte_extract operations, and base64 decoding, have been rewritten in Rust.
  • Support for the DoH (DNS over HTTPS), LDAP, mDNS (Multicast DNS), and WebSocket protocols has been added.
  • New parsers and output modules for the ARP and POP3 protocols have been added.
  • Parsing of SDP within SIP and of SIP over TCP traffic is provided.
  • The protocol detection engine and rule construction have been extended. The following keywords are now supported: LDAP, MIME/EMAIL, vlan.id, DNS, SMTP, FTP, TLS, tcp.wscale, pgsql.query, from_base64, entropy, luaxform, and mDNS. Transaction rules have been added, allowing both directions of a transaction to be described in a single rule.

Suricata features:

    • The Unified2 format, also used by the Snort project, is used to output scan results, allowing standard analysis tools such as barnyard2 to be used. Integration with BASE, Snorby, Sguil, and SQueRT is supported. Output in PCAP format is supported;
    • Support for automatic protocol detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, etc.), allowing rules to operate on the protocol type alone, without reference to the port number (for example, blocking HTTP traffic on a non-standard port). Decoders are available for the HTTP, SSL, TLS, SMB, SMB2, DCERPC, SMTP, FTP, LDAP, and SSH protocols;
    • An HTTP traffic analysis system that uses the HTP library, created by the author of the Mod_Security project, to parse and normalize HTTP traffic. A module for keeping a detailed log of HTTP transfers is available (the log is stored in the standard Apache format). Extraction and verification of files transferred over HTTP is supported, as is analysis of compressed content. The URI, cookies, headers, user agent, and request/response body can all be identified.
    • Support for various traffic interception interfaces, including NFQueue, IPFRing, LibPcap, IPFW, AF_PACKET, and PF_RING. Previously captured files in PCAP format can also be analyzed;
    • High performance, with the ability to process flows of tens of gigabits per second on ordinary hardware.
    • A high-performance mask matching engine for large sets of IP addresses. Support for extracting content by mask and by regular expressions. Extraction of files from traffic, including their identification by name, type, or hash.
    • Ability to use variables in rules: information from a flow can be saved and then used in other rules;
    • Use of the YAML format for configuration files, combining readability with ease of machine processing;
    • Full IPv6 support;
    • A built-in engine for automatic defragmentation and reassembly of packets, allowing flows to be processed correctly regardless of the order in which packets arrive;
    • Support for tunneling protocols: Teredo, IP-IP, IP6-IP4, IP4-IP6, GRE;
    • Support for decoding the following packet types: IPV4, IPV6, TCP, UDP, SCTP, ICMPv4, ICMPv6, GRE, Ethernet, PPP, ARP, PPPoE, Raw, SLL, VLAN;
    • A logging mode for the keys and certificates used in TLS-based connections;
    • Ability to write Lua scripts for advanced traffic analysis and to implement additional features for which standard rules are not sufficient.
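As an added illustration (not from the article or from the Suricata project), the following rules show two of the features listed above: matching on the detected application-layer protocol rather than on the port (the non-standard-port HTTP case) and per-flow variables (flowbits) that let one rule record state and a later rule act on it. The message texts, sids, URI path and the use of the `$HTTP_PORTS` variable from suricata.yaml are assumptions for the example.

```suricata
# Added example, not from the article or the Suricata project.
# Message texts, sids and the /upload path are assumed values.

# 1. Protocol detection instead of port matching: Suricata recognises HTTP
#    from the traffic itself, so this fires on HTTP seen on any port that is
#    not in the $HTTP_PORTS variable defined in suricata.yaml.
alert http any any -> any !$HTTP_PORTS (msg:"EXAMPLE HTTP on non-standard port"; \
    flow:established,to_server; \
    sid:9000001; rev:1;)

# 2. Per-flow variable: remember that this flow carried a POST to /upload,
#    but do not raise an alert yet (flowbits:noalert).
alert http any any -> any any (msg:"EXAMPLE POST to /upload"; \
    flow:established,to_server; \
    http.method; content:"POST"; \
    http.uri; content:"/upload"; startswith; \
    flowbits:set,example.upload_post; flowbits:noalert; \
    sid:9000002; rev:1;)

# 3. Use the variable from the opposite direction of the same flow:
#    alert only when the server answers that POST with a 200 status.
alert http any any -> any any (msg:"EXAMPLE POST to /upload accepted by server"; \
    flow:established,to_client; \
    flowbits:isset,example.upload_post; \
    http.stat_code; content:"200"; \
    sid:9000003; rev:1;)
```

The rules can be syntax-checked without starting the engine with `suricata -T -c suricata.yaml -S example.rules`.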

Source: opennet.ru
