Showing posts with label firewall. Show all posts
Showing posts with label firewall. Show all posts

Snort 2.9.4Beta Released

Labels:
, , ,

Snort 2.9.4 Beta is now available on snort.org. Snort is a powerful network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks.
snort large

Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

Snort 2.9.4Beta release
  • Consolidation of IPv6 — now only a single build supports both IPv4 & IPv6, and removal of the IPv4 “only” code paths.
  • File API and infrastructure improvements to file processing for HTTP downloads and email attachments via SMTP, POP, and IMAP to facilitate broader file support
  • Use of address space ID for tracking Frag & Stream connections when it is available with the DAQ
  • Logging of packet data that triggers PPM for post-analysis via Snort event
  • Decoding of IPv6 with PPPoE


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Thursday, October 04, 2012  

Firewalk 0.99.1 - The Advanced traceroute

Labels:
, , , ,

Firewalking is a technique developed by Mike Schiffman and David Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks.
Firewalk

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets on the floor and we will see no response.

To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan. It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host.

The newest version of the tool, firewalk/GTK introduces the option of using a graphical interface and a few bug fixes.


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Tuesday, June 05, 2012  

Subscribe to: Posts (Atom)