I’ve built some Firestorm debs for x86 from the latest snapshot (0.5.5-pre3). I had to remove a little bit of verbose debug code from the linux capture driver. available here..

I’ve ported my Ethereal ELOG patch to the latest version (0.9.14) and fixed a bug handling pcap captured alerts. Created Debian debs for powerpc and i386. Matt is working on some RPMS for RedHat 9

RedHat’s latest change of support plans for RedHat Linux seems to be doing what was intended, getting more people to purchase Advanced Server (and the new Enterprise Server and Workstation) rather than leeching off them. Good for RedHat. There have been too many idiots selling RedHat Linux-based solutions expecting the coloured headgear company to do the hard work of beta testing, bug fixing etc.etc. for free.

I’m currently working on a preprocessor for the Firestorm NIDS to detect dodgy looking arp activity. So far it keeps track of hardware and protocol addresses in arp packets and alert if things change. It will soon monitor IP traffic too (and IPX/Appletalk etc. I guess) and detect a bunch of other ettercap style trickery.