exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 25 of 36

Files from Vern Paxson

Zeek 4.2.1

Posted Apr 22, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed a potential unbounded state growth in the FTP analyzer when receiving a specially-crafted stream of commands that could lead to a buffer overflow. Fix to ensure both protocol and analyzer confirmation and violation events can be called. Addressed an issue where empty table constructors with &default attributes may cause a crash. Fixed a bug in ZAM when a function containing a loop is inlined. Reduced the interpreter frames generated by ZAM when inlining function bodies. Various other updates.

tags | tool, intrusion detection

systems | unix

SHA-256 | 6b13489b30494c7c5dda453fc50981e5943d6715b6c9b5b7a85abb80bbe6d116

Download | Favorite | View

Zeek 4.2.0

Posted Jan 27, 2022

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: 1 breaking change, 17 new functionality additions, and 9 modifications.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8d9a028ca9fec7ad4a9e48a763e296052384cf402ea4cd371577bff183c27451

Download | Favorite | View

Zeek 4.1.1

Posted Oct 27, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Two security issues and four bugs have been addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 8c0afc999a8dd1c1f677a5cf818479b99c2d527e679e1ef99fb1b03f989c0373

Download | Favorite | View

Zeek 4.0.4

Posted Sep 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release addresses six bugs and two security issues.

tags | tool, intrusion detection

systems | unix

SHA-256 | d9991de344fa8ed8c92d130837309655dc9e22c4f5e53c141dce6deee5c0505c

Download | Favorite | View

Zeek 4.0.3

Posted Jul 7, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Updates added to skip input framework entries with missing but non-optional fields, address a segfault in input framework when reading unset fields, deprecate stepping-stone analyzer events, and more.

tags | tool, intrusion detection

systems | unix

SHA-256 | 33ee6b2aa96d127b7273ce337552bc7b2abf4910aa7a431dfc9ec606a4e233db

Download | Favorite | View

Zeek 4.0.2

Posted Jun 3, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Five bug fixes and two denial of service conditions addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 550713a9d3fd348783f39c959af7e569164c95b96cc3be28d7d5557bdeebfd95

Download | Favorite | View

Zeek 4.0.1

Posted Apr 22, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This is a release that addresses quite a few bugs including a null-pointer dereference vulnerability.

tags | tool, intrusion detection

systems | unix

SHA-256 | 659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a

Download | Favorite | View

Zeek 4.0.0

Posted Mar 2, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Added support for EDNS0 Cookie and Keep-Alive options. Added new Packet Analysis plugin architecture for parsing packet headers at layers below the existing Session analysis plugins. A few other additions as well as improvements to capture-loss.zeek.

tags | tool, intrusion detection

systems | unix

SHA-256 | f2eedab3262eaa3f58a83442b1f38bad35ed72399564917b71bba42266f1ff54

Download | Favorite | View

Zeek 3.2.4

Posted Feb 23, 2021

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: A denial of service issue has been addressed as well as two bugs.

tags | tool, intrusion detection

systems | unix

SHA-256 | d5a984d383c0cc337e18d3d65b969e8566ab8a6fc38e9c6d39ba4a101027be85

Download | Favorite | View

Zeek 3.2.3

Posted Dec 16, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: This release fixes a security issue and about a half dozen other bugs.

tags | tool, intrusion detection

systems | unix

SHA-256 | f9295c2dd4076a71042bc83a267b0b0d5d5db291d7c7a12b6c5bac75292bc2c6

Download | Favorite | View

Zeek 3.2.2

Posted Oct 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Fixed multipart MIME leak of sub-part found after closing-boundary. Improved CI benchmark script's error handling/messaging. Fixed incorrect RSTOS0 conn_state determinations.

tags | tool, intrusion detection

systems | unix

SHA-256 | 6c5748c49207241977a0d9fcbac8ce3b6abbf866ff29469fd0c2dcd3d4f99d01

Download | Favorite | View

Zeek 3.2.1

Posted Sep 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: A security issue along with multiple bugs were addressed.

tags | tool, intrusion detection

systems | unix

SHA-256 | 1ebcc73815b00df7b7f578d34cd0278030857b6c082aaff416016b00d3d1cb67

Download | Favorite | View

Zeek 3.2.0

Posted Aug 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Zeek now caches certificates if they have (by default) been encountered more than 10 times in 62 seconds. Add parsing support for Remote Desktop Protocol UDP Transport Extension (RDPEUDP versions 1 and 2).

tags | tool, intrusion detection

systems | unix

SHA-256 | af3ee5635140a54d305667983d38ea28f36457c9f2f8727e90ea3ef00b22c44f

Download | Favorite | View

Zeek 3.1.5

Posted Jul 28, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple stack overflows fixed as well as various bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | b944e8d47ac435bf83ba61cbfb66ce49eb11ca2fbbde1dc2bae638097ae399e7

Download | Favorite | View

Zeek 3.1.4

Posted Jun 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Various bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | d72b8bcba0def6ba93b650d6f25896d9326ee0b02113b80696f47b08bd73e964

Download | Favorite | View

Zeek 3.1.3

Posted May 8, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a buffer over-read in the Ident analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

SHA-256 | d7bf24615c4c0af2435c99c9fb8c9c0f0ecdce375e184ba7f63b715ae5900a61

Download | Favorite | View

Zeek 3.1.2

Posted Apr 15, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed a stack overflow in the POP3 analyzer. Various other bug fixes as well.

tags | tool, intrusion detection

systems | unix

SHA-256 | 1858725fd6d04a1af3c2798c341529aa0d229e838b6476f036156dc5dd254aa1

Download | Favorite | View

Zeek 3.1.1

Posted Mar 10, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release fixes a potential high CPU load due to race in Broker data stores, a memory exhaustion issue, an incorrect symlink, and an improvement to allow some external plugins to compile.

tags | tool, intrusion detection

systems | unix

SHA-256 | a2ef5f36dc4566d2ba129f34c14c269619b9797725b65d2696c27074db5f3e6a

Download | Favorite | View

Zeek 3.1.0

Posted Feb 28, 2020

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added a new supervisor framework that enables Zeek to operate clusters. Various other additions and changes in functionality.

tags | tool, intrusion detection

systems | unix

SHA-256 | a31c015afddef00022d3a2c0ab9383a616b6e6954cba467eb037d16b88aaac8c

Download | Favorite | View

Zeek 3.0.1

Posted Dec 10, 2019

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This release addresses a performance regression in JSON logging along with various other bug fixes.

tags | tool, intrusion detection

systems | unix

SHA-256 | 79f4f3efd883c9c2960295778dc290372d10874380fd88450271652e829811d2

Download | Favorite | View

Zeek 3.0.0 (Formerly Known As Bro)

Posted Oct 5, 2019

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro is now known as Zeek. Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3. Added support for parsing and logging DNS SPF resource records. Various other updates.

tags | tool, intrusion detection

systems | unix

SHA-256 | b552940a14132bcbbd9afdf6476ec615b5a44a6d15f78b2cdc15860fa02bff9a

Download | Favorite | View

Bro Network Security Monitor 2.6.4

Posted Aug 28, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address a potential denial of service vulnerability. The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

tags | tool, intrusion detection

systems | unix

SHA-256 | a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7

Download | Favorite | View

Bro Network Security Monitor 2.6.3

Posted Aug 9, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address potential denial of service vulnerabilities.

tags | tool, intrusion detection

systems | unix

SHA-256 | 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f

Download | Favorite | View

Bro Network Security Monitor 2.6.2

Posted May 31, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Improved PE file analysis. Added options to tune binpac flowbuffer policy. Various other updates.

tags | tool, intrusion detection

systems | unix

SHA-256 | 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6

Download | Favorite | View

Bro Network Security Monitor 2.6.1

Posted Dec 19, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Introduced --enable-static-broker configuration option. Update submodules Broker v1.1.2 and SQLite 3.26.0.

tags | tool, intrusion detection

systems | unix

SHA-256 | d9718b83fdae0c76eea5254a4b9470304c4d1d3778687de9a4fe0b5dffea521b

Download | Favorite | View