what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 25 of 33

Files from Vern Paxson

Zeek 4.0.4

Posted Sep 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release addresses six bugs and two security issues.

tags | tool, intrusion detection

systems | unix

MD5 | df39f4f49a69086b3a2a2abbf807e6a3

Download | Favorite | View

Zeek 4.0.3

Posted Jul 7, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updates added to skip input framework entries with missing but non-optional fields, address a segfault in input framework when reading unset fields, deprecate stepping-stone analyzer events, and more.

tags | tool, intrusion detection

systems | unix

MD5 | 39ec3bcfbe7f179ae042ad2cf424248d

Download | Favorite | View

Zeek 4.0.2

Posted Jun 3, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Five bug fixes and two denial of service conditions addressed.

tags | tool, intrusion detection

systems | unix

MD5 | d79d04932d6a656042fdb7e675dd0701

Download | Favorite | View

Zeek 4.0.1

Posted Apr 22, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This is a release that addresses quite a few bugs including a null-pointer dereference vulnerability.

tags | tool, intrusion detection

systems | unix

MD5 | 610c02b5b5ccaea7a1ac377534ab1894

Download | Favorite | View

Zeek 4.0.0

Posted Mar 2, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Added support for EDNS0 Cookie and Keep-Alive options. Added new Packet Analysis plugin architecture for parsing packet headers at layers below the existing Session analysis plugins. A few other additions as well as improvements to capture-loss.zeek.

tags | tool, intrusion detection

systems | unix

MD5 | 3178eb66e9ac62e8e61707d34c8855f9

Download | Favorite | View

Zeek 3.2.4

Posted Feb 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: A denial of service issue has been addressed as well as two bugs.

tags | tool, intrusion detection

systems | unix

MD5 | 12687bbdab008fa1c1f6d55ff97f3c20

Download | Favorite | View

Zeek 3.2.3

Posted Dec 16, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes a security issue and about a half dozen other bugs.

tags | tool, intrusion detection

systems | unix

MD5 | 3918275e225a850888d121fa738a5d89

Download | Favorite | View

Zeek 3.2.2

Posted Oct 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed multipart MIME leak of sub-part found after closing-boundary. Improved CI benchmark script's error handling/messaging. Fixed incorrect RSTOS0 conn_state determinations.

tags | tool, intrusion detection

systems | unix

MD5 | 843f2edb59fc6fa52762b2800fb2c3d3

Download | Favorite | View

Zeek 3.2.1

Posted Sep 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: A security issue along with multiple bugs were addressed.

tags | tool, intrusion detection

systems | unix

MD5 | 35951476e36aac86030ad9db983650f8

Download | Favorite | View

Zeek 3.2.0

Posted Aug 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Zeek now caches certificates if they have (by default) been encountered more than 10 times in 62 seconds. Add parsing support for Remote Desktop Protocol UDP Transport Extension (RDPEUDP versions 1 and 2).

tags | tool, intrusion detection

systems | unix

MD5 | 4bae25bd4e01037d36d2f2cbd5b1b24b

Download | Favorite | View

Zeek 3.1.5

Posted Jul 28, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple stack overflows fixed as well as various bug fixes.

tags | tool, intrusion detection

systems | unix

MD5 | a29c2571e6e57e454c25650efef9280f

Download | Favorite | View

Zeek 3.1.4

Posted Jun 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Various bug fixes.

tags | tool, intrusion detection

systems | unix

MD5 | b9d82fbd4964ea2d49c31653726d0dc0

Download | Favorite | View

Zeek 3.1.3

Posted May 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a buffer over-read in the Ident analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

MD5 | 3174ea8d91b17fa7b7c568a4a9225b13

Download | Favorite | View

Zeek 3.1.2

Posted Apr 15, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a stack overflow in the POP3 analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

MD5 | 3c5ce8d23e136fc9c676be617c2af95c

Download | Favorite | View

Zeek 3.1.1

Posted Mar 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release fixes a potential high CPU load due to race in Broker data stores, a memory exhaustion issue, an incorrect symlink, and an improvement to allow some external plugins to compile.

tags | tool, intrusion detection

systems | unix

MD5 | 913d0f01da1c505a0d2e4845a1257a33

Download | Favorite | View

Zeek 3.1.0

Posted Feb 28, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added a new supervisor framework that enables Zeek to operate clusters. Various other additions and changes in functionality.

tags | tool, intrusion detection

systems | unix

MD5 | c570719350c921b2c7becfe0e4ee9922

Download | Favorite | View

Zeek 3.0.1

Posted Dec 10, 2019

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release addresses a performance regression in JSON logging along with various other bug fixes.

tags | tool, intrusion detection

systems | unix

MD5 | 8067e609e8ac988131505f1d7da9c348

Download | Favorite | View

Zeek 3.0.0 (Formerly Known As Bro)

Posted Oct 5, 2019

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro is now known as Zeek. Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3. Added support for parsing and logging DNS SPF resource records. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 6f952bac75a8b5299d45361da93fd9e9

Download | Favorite | View

Bro Network Security Monitor 2.6.4

Posted Aug 28, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address a potential denial of service vulnerability. The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

tags | tool, intrusion detection

systems | unix

MD5 | 2c31485fa88bd2c42684ae9afa7d5b49

Download | Favorite | View

Bro Network Security Monitor 2.6.3

Posted Aug 9, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address potential denial of service vulnerabilities.

tags | tool, intrusion detection

systems | unix

MD5 | 498da0f8d334f27b2040e7075b60240c

Download | Favorite | View

Bro Network Security Monitor 2.6.2

Posted May 31, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Improved PE file analysis. Added options to tune binpac flowbuffer policy. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 38fa8313b25f4dff8723b3c47265ece1

Download | Favorite | View

Bro Network Security Monitor 2.6.1

Posted Dec 19, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Introduced --enable-static-broker configuration option. Update submodules Broker v1.1.2 and SQLite 3.26.0.

tags | tool, intrusion detection

systems | unix

MD5 | 36e2decedf77c20f09a3e11d59fdc2b2

Download | Favorite | View

Bro Network Security Monitor 2.6

Posted Nov 30, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added missing ICMP router advertisement counterpart. Removed unnecessary Bloom filter empty check. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | d228bd66a3fa969a8515a25445f484d1

Download | Favorite | View

Bro Network Security Monitor 2.5.5

Posted Aug 31, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed signed/unsigned comparison warning. Fixed SMTP command string comparisons. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 0731cac64562e113195a32758022f14e

Download | Favorite | View

Bro Network Security Monitor 2.5.4

Posted Jun 5, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a particular analyzer incorrectly assumed that the evaluated-array-length expression is actually the number of elements that were parsed out from the input. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 2bc85f51d6257378594775d04177ba30

Download | Favorite | View