Firestorm is an extremely high-performance network intrusion detection system (NIDS). At the moment, it is just a sensor, but there are plans to include real support for analysis, reporting, remote console, and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
Release Notes: Several reported bugs were fixed, including some crash bugs. The firestorm root directory was changed. TCP stream reassembly code was greatly improved. Indexing and filtering support was added to the firecat utility. Debian support was added.
Release Notes: Initial support for TCP stream reassembly was added. A GNOME 2-based analysis console was started, and a number of major performance and scalability improvements were made. A few bugs were fixed, including one crash bug in the ipfrag module.
Release Notes: A bug from version 0.5.1 which stopped UDP packets from being matched at all was fixed. Some TCP state tracking bugs were fixed. A bug decoding Novell IPX frames was fixed. Firestorm now alerts on some kinds of TCP state violations. Lots of internal API cleanups were made. Lots of new documentation was written.
Release Notes: A bug in which ipfrag alerts didn't work properly was fixed. A bug in the content matching code which was looking for strings inside transport layer headers was fixed. The configuration code was rewritten, returning to a single simple config file. Built-in alerts are now appropriately rate-limited. Some all-round usability and stability improvements were made.
Release Notes: In this version, some major bugs were fixed, including a crash bug introduced just before the last release. New Snort keywords, limit and burst, have been introduced; they allow users to rate-limit the alerts that can be produced by certain rules and thus help to prevent DoS attacks against ICMP and UDP rules. The way Firestorm is configured has been overhauled and some performance enhancements were made.