what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 16 of 16

Files from Vern Paxson

Zeek 3.0.0 (Formerly Known As Bro)

Posted Oct 5, 2019

Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro is now known as Zeek. Added support for DNSSEC resource records RRSIG, DNSKEY, DS, NSEC, and NSEC3. Added support for parsing and logging DNS SPF resource records. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 6f952bac75a8b5299d45361da93fd9e9

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.6.4

Posted Aug 28, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address a potential denial of service vulnerability. The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

tags | tool, intrusion detection

systems | unix

MD5 | 2c31485fa88bd2c42684ae9afa7d5b49

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.6.3

Posted Aug 9, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: This is a security patch release to address potential denial of service vulnerabilities.

tags | tool, intrusion detection

systems | unix

MD5 | 498da0f8d334f27b2040e7075b60240c

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.6.2

Posted May 31, 2019

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Improved PE file analysis. Added options to tune binpac flowbuffer policy. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 38fa8313b25f4dff8723b3c47265ece1

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.6.1

Posted Dec 19, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Introduced --enable-static-broker configuration option. Update submodules Broker v1.1.2 and SQLite 3.26.0.

tags | tool, intrusion detection

systems | unix

MD5 | 36e2decedf77c20f09a3e11d59fdc2b2

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.6

Posted Nov 30, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Added missing ICMP router advertisement counterpart. Removed unnecessary Bloom filter empty check. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | d228bd66a3fa969a8515a25445f484d1

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5.5

Posted Aug 31, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Fixed signed/unsigned comparison warning. Fixed SMTP command string comparisons. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 0731cac64562e113195a32758022f14e

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5.4

Posted Jun 5, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a particular analyzer incorrectly assumed that the evaluated-array-length expression is actually the number of elements that were parsed out from the input. Various other updates.

tags | tool, intrusion detection

systems | unix

MD5 | 2bc85f51d6257378594775d04177ba30

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5.3

Posted Feb 16, 2018

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Patch added in Binpac submodule that fixes an integer overflow.

tags | tool, intrusion detection

systems | unix

MD5 | 13794fb4dc8f45cff106a1c26af80d7b

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5.2

Posted Oct 16, 2017

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro 2.5.2 fixes a security issue in the ContentLine analyzer. In rare cases a bug in the ContentLine analyzer can lead to an out of bound write of a single byte. This allows a remote attacker to crash Bro; there also is a possibility this can be exploited in other ways.

tags | tool, intrusion detection

systems | unix

MD5 | c2de260b7592418e3f136a46a069f8d1

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5.1

Posted Jun 27, 2017

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple additions and improvements.

tags | tool, intrusion detection

systems | unix

MD5 | ab72dfae355629352b3cb67a849651f7

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.5

Posted Nov 18, 2016

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro now requires a compiler with C++11 support for building the source code. Bro now requires Python instead of Perl to compile the source code. When enabling Broker (which is disabled by default), Bro now requires version 0.14 of the C++ Actor Framework. New SMB analyzer added. Inclusion of multiple frameworks has been added. Multiple other additions and improvements.

tags | tool, intrusion detection

systems | unix

MD5 | 729883ae9196faafd49fed6e5fad53fe

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.4.1

Posted Sep 9, 2015

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Moved SIP analyzer to flowunit instead of datagram. Fixed potential ARP out-of-bounds memory access. Various other updates and fixes.

tags | tool, intrusion detection

systems | unix

MD5 | 353e79df458e2bbfa00bdbaa0f183908

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.4

Posted Jun 10, 2015

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Bro now has support for external plugins that can extend its core functionality, like protocol/file analysis, via shared libraries. Bro now has support for the MySQL wire protocol. Activity gets logged into mysql.log. Bro now parses DTLS traffic. Activity gets logged into ssl.log. Various other updates and fixes.

tags | tool, intrusion detection

systems | unix

MD5 | b0768ba77e6347d77a20e595f7eee120

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.3.2

Posted Jan 27, 2015

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple security-related bug fixes.

tags | tool, intrusion detection

systems | unix

advisories | CVE-2014-9586

MD5 | d89fe0942e41c25869effd959749a730

Download | Favorite | Comments (0)

Bro Network Security Monitor 2.3.1

Posted Sep 10, 2014

Authored by Robin Sommer, Vern Paxson | Site bro.org

Bro is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.

Changes: Multiple bug fixes.

tags | tool, intrusion detection

systems | unix

MD5 | 29a773ec6da4ee4f8ed86dfc26c60811

Download | Favorite | Comments (0)