Release Notes: Several reported bugs were fixed, including some crash bugs. The firestorm root directory was changed. TCP stream reassembly code was greatly improved. Indexing and filtering support was added to the firecat utility. Debian support was added.
Release Notes: Initial support for TCP stream reassembly was added. A GNOME 2-based analysis console was started, and a number of major performance and scalability improvements were made. A few bugs were fixed, including one crash bug in the ipfrag module.
Release Notes: A bug from version 0.5.1 which stopped UDP packets from being matched at all was fixed. Some TCP state tracking bugs were fixed. A bug decoding Novell IPX frames was fixed. Firestorm now alerts on some kinds of TCP state violations. Lots of internal API cleanups were made. Lots of new documentation was written.
Release Notes: A bug in which ipfrag alerts didn't work properly was fixed. A bug in the content matching code which was looking for strings inside transport layer headers was fixed. The configuration code was rewritten, returning to a single simple config file. Built-in alerts are now appropriately rate-limited. Some all-round usability and stability improvements were made.
Release Notes: In this version, some major bugs were fixed, including a crash bug introduced just before the last release. New Snort keywords 'limit' and 'burst' have been introduced, which allow users to rate-limit the alerts that can be produced by certain rules and thus help to prevent DoS attacks against ICMP and UDP rules. The way Firestorm is configured has been overhauled and some performance enhancements were made.
Release Notes: A bug where tcpdump log files would get overwritten has been fixed. SIGHUP is now dealt with properly to allow log rotation. The TCP state tracking code was completely rewritten and is now much more accurate and efficient. A minor bug was fixed in the Snort signature parsing. Support for HTTP URI content matching was added. Snort signatures are now bundled with default packages.
Release Notes: Support for Snort IP address lists, the flow keyword, and regular expressions was added, as well as the ability to remotely log alerts to Prelude servers. Some portability fixes were made, a file permission bug was fixed, and the depth modifier for string matching was also fixed. The format of some entries in firestorm.conf has changed, so users will need to update theirs to use this version.
Release Notes: TCP stateful inspection was added (to defeat stick/snot type attacks). A 'fragoffset' matcher and the 'stateless' keyword were implemented. IP defragmentation now supports configurable timeouts and has had performance improvements. Some bugs were fixed in Snort rule parsing. Some bugs which caused false positives were fixed.
Release Notes: This release fixes a potential crash bug in ipopts decoding. Lots of subtle bugs have been fixed in IP decoding and defragmentation. An 802.1q (VLAN) decode plugin has been added. The ASCII output module can now log to separate files. The Linux capdev module now allows you to specify an interface (or 'any'), and can also detect MTUs. Alerts can now be logged as tcpdump files. The IP defragmentation plugin can now ignore packets with TTLs that are too low (minttl option). Different output modules can be configured depending on the type of alert.
Release Notes: This release fixes a lot of crash bugs and faulty high/low watermark values for IP defragmentation, and adds case-insensitive string matching and a Linux SLL protocol decoder. icmp_id and icmp_seq now only match ICMP echo packets. A bug where content and dsize matchers could count headers as well as payloads was fixed, along with some bugs regarding reassembly of IP fragments. libpcap library/header paths can now be configured at build time. A few micro-optimisations were also made.