exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 44

Files from Vern Paxson

Zeek 5.0.6

Posted Feb 2, 2023

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Three security issues and five additional bugs have been addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8e09916c43beba457f76484be46dad2858a5983d95624e55a70e06a1c76ce2d2

Download | Favorite | View

Zeek 5.0.5

Posted Jan 10, 2023

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updated broker to version 2.3.6. This broker release fixes some failures when building against Python 3.11 and above.

tags | tool, intrusion detection

systems | unix

SHA-256 | 3efed010ab2dcf623667d13b485dfec6d28f2b65f97e4c9f0f9192c37ace88d1

Download | Favorite | View

Zeek 5.0.4

Posted Nov 23, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes security issues where a specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets, a specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command, and a specially-crafted IPv6 packet can cause Zeek to overflow memory and potentially crash. Fixed a potential stall in Broker’s internal data pipeline.

tags | tool, intrusion detection

systems | unix

SHA-256 | d01aa72864b1128513c0b3667148e765f83cd9f0befe9a751c51f0f19a8ba280

Download | Favorite | View

Zeek 5.0.3

Posted Nov 9, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed an issue where a specially-crafted FTP packet can cause Zeek to spend large amounts of time attempting to search for valid commands in the data stream. Fixed a possible overflow in the Zeek dictionary code that may lead to a memory leak. Fixed an issue where a specially-crafted packet can cause Zeek to spend large amounts of time reporting analyzer violations. Fixed a possible assert and crash in the HTTP analyzer when receiving a specially-crafted packet. Fixed an issue where a specially-crafted HTTP or SMTP packet can cause Zeek to spend a large amount of time attempting to search for filenames within the packet data. Fixed two separate possible crashes when converting processed IP headers for logging via the raw_packet event handlers. Various other bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8f16ed6b51f63f7efaca506c4ee0396b0fd03e83cb6358dbd9ea6ffe5fd0b657

Download | Favorite | View

Zeek 5.0.2

Posted Sep 20, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed a possible overflow and crash in the ICMP analyzer when receiving a specially crafted packet. Fixed a possible overflow and crash in the IRC analyzer when receiving a specially crafted packet. Fixed a possible overflow and crash in the SMB analyzer when receiving a specially crafted packet. Fixed two possible crashes when converting IP headers for output via the raw_packet event. Fixed a bug that prevented Broker nodes to recover from OpenSSL errors. Fixed handling of buffer sizes that caused Broker to stall despite having sufficient capacity. Fixed an issue with signal handling that could prevent Zeek from exiting via ctrl-c when reading scripts from stdin.

tags | tool, intrusion detection

systems | unix

SHA-256 | 7089fcc06d13803fc7ce19fdc49f96183efd797be3a4fdca083240b9b46e1d2f

Download | Favorite | View

Zeek 5.0.1

Posted Aug 30, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed potential overflow in modbus analyzer's bytestring_to_coils. Reset packet cap_len before returning from IP::AnalyzePacket. Swap DNS EDNS field order to match script-land type. Added some sanity checking to BadARPEvent method. Checks for valid ip_hdr length before trying to make a Val out of it. Updated broker submodule to 2.3.2 release tag. Various additional updates since the last release.

tags | tool, intrusion detection

systems | unix

SHA-256 | 3cd43ae446200e7e59a89a9bf8190d964f3198e517f5d4be9cc1daba67ba0b81

Download | Favorite | View

Zeek 5.0.0

Posted Jul 6, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Zeek now requires at least CMake version 3.15.0. The script-land union and timer types have been removed. Broker now uses a new network backend with a custom network protocol that is incompatible with the pre-5.0 backend. A large amount of new functionality and changes to functionality have been made in this release and it is suggested you review the entire changelog.

tags | tool, intrusion detection

systems | unix

SHA-256 | d0d300fd8d9a1a485a0198c52e9773db7c532820faaea797e4c63aafac63fd7e

Download | Favorite | View

Zeek 4.2.2

Posted Jun 6, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed a potential hang in the DNS analyzer when receiving a specially-crafted packet.

tags | tool, intrusion detection

systems | unix

SHA-256 | f50dd7db8b809a74a72d402494afa00b432ef1e87cd5913687feee21573c700c

Download | Favorite | View

Zeek 4.2.1

Posted Apr 22, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed a potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands that could lead to a buffer overflow. Fix to ensure both protocol and analyzer confirmation and violation events can be called. Addressed an issue where empty table constructors with &default attributes may cause a crash. Fixed a bug in ZAM when a function containing a loop is inlined. Reduced the interpreter frames generated by ZAM when inlining function bodies. Various other updates.

tags | tool, intrusion detection

systems | unix

SHA-256 | 6b13489b30494c7c5dda453fc50981e5943d6715b6c9b5b7a85abb80bbe6d116

Download | Favorite | View

Zeek 4.2.0

Posted Jan 27, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: 1 breaking change, 17 new functionality additions, and 9 modifications.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8d9a028ca9fec7ad4a9e48a763e296052384cf402ea4cd371577bff183c27451

Download | Favorite | View

Zeek 4.1.1

Posted Oct 27, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Two security issues and four bugs have been addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8c0afc999a8dd1c1f677a5cf818479b99c2d527e679e1ef99fb1b03f989c0373

Download | Favorite | View

Zeek 4.0.4

Posted Sep 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release addresses six bugs and two security issues.

tags | tool, intrusion detection

systems | unix

SHA-256 | d9991de344fa8ed8c92d130837309655dc9e22c4f5e53c141dce6deee5c0505c

Download | Favorite | View

Zeek 4.0.3

Posted Jul 7, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updates added to skip input framework entries with missing but non-optional fields, address a segfault in input framework when reading unset fields, deprecate stepping-stone analyzer events, and more.

tags | tool, intrusion detection

systems | unix

SHA-256 | 33ee6b2aa96d127b7273ce337552bc7b2abf4910aa7a431dfc9ec606a4e233db

Download | Favorite | View

Zeek 4.0.2

Posted Jun 3, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Five bug fixes and two denial of service conditions addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 550713a9d3fd348783f39c959af7e569164c95b96cc3be28d7d5557bdeebfd95

Download | Favorite | View

Zeek 4.0.1

Posted Apr 22, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This is a release that addresses quite a few bugs including a null-pointer dereference vulnerability.

tags | tool, intrusion detection

systems | unix

SHA-256 | 659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a

Download | Favorite | View

Zeek 4.0.0

Posted Mar 2, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Added support for EDNS0 Cookie and Keep-Alive options. Added new Packet Analysis plugin architecture for parsing packet headers at layers below the existing Session analysis plugins. A few other additions as well as improvements to capture-loss.zeek.

tags | tool, intrusion detection

systems | unix

SHA-256 | f2eedab3262eaa3f58a83442b1f38bad35ed72399564917b71bba42266f1ff54

Download | Favorite | View

Zeek 3.2.4

Posted Feb 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: A denial of service issue has been addressed as well as two bugs.

tags | tool, intrusion detection

systems | unix

SHA-256 | d5a984d383c0cc337e18d3d65b969e8566ab8a6fc38e9c6d39ba4a101027be85

Download | Favorite | View

Zeek 3.2.3

Posted Dec 16, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes a security issue and about a half dozen other bugs.

tags | tool, intrusion detection

systems | unix

SHA-256 | f9295c2dd4076a71042bc83a267b0b0d5d5db291d7c7a12b6c5bac75292bc2c6

Download | Favorite | View

Zeek 3.2.2

Posted Oct 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed multipart MIME leak of sub-part found after closing-boundary. Improved CI benchmark script's error handling/messaging. Fixed incorrect RSTOS0 conn_state determinations.

tags | tool, intrusion detection

systems | unix

SHA-256 | 6c5748c49207241977a0d9fcbac8ce3b6abbf866ff29469fd0c2dcd3d4f99d01

Download | Favorite | View

Zeek 3.2.1

Posted Sep 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: A security issue along with multiple bugs were addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 1ebcc73815b00df7b7f578d34cd0278030857b6c082aaff416016b00d3d1cb67

Download | Favorite | View

Zeek 3.2.0

Posted Aug 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Zeek now caches certificates if they have (by default) been encountered more than 10 times in 62 seconds. Add parsing support for Remote Desktop Protocol UDP Transport Extension (RDPEUDP versions 1 and 2).

tags | tool, intrusion detection

systems | unix

SHA-256 | af3ee5635140a54d305667983d38ea28f36457c9f2f8727e90ea3ef00b22c44f

Download | Favorite | View

Zeek 3.1.5

Posted Jul 28, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple stack overflows fixed as well as various bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | b944e8d47ac435bf83ba61cbfb66ce49eb11ca2fbbde1dc2bae638097ae399e7

Download | Favorite | View

Zeek 3.1.4

Posted Jun 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Various bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | d72b8bcba0def6ba93b650d6f25896d9326ee0b02113b80696f47b08bd73e964

Download | Favorite | View

Zeek 3.1.3

Posted May 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a buffer over-read in the Ident analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

SHA-256 | d7bf24615c4c0af2435c99c9fb8c9c0f0ecdce375e184ba7f63b715ae5900a61

Download | Favorite | View

Zeek 3.1.2

Posted Apr 15, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a stack overflow in the POP3 analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

SHA-256 | 1858725fd6d04a1af3c2798c341529aa0d229e838b6476f036156dc5dd254aa1

Download | Favorite | View