NetFort Advertising

LANGuardian 12.4 Release Notes

This is a minor release for LANGuardian 12.4, with the following new features and bug fixes:

 

New Features

Snort 2.9

Upgrade to Snort 2.9. The Snort IDS engine has been upgraded to Snort version 2.9.7. This allows LANGuardian to take advantage of new keywords supported in IDS signatures for Snort 2.9, distributed from the ET Open project.

 

SMTP Email decoder enhancements

The SMTP decoder has been upgraded to record the following information

  • Attachments to SMTP emails, including attachment name, MIME type and description
  • Embedded hyper Link detection in emails. This is a beta release for evaluation. Where an SMTP email contains a hyper link, but the link target doesn’t seem to match the description, LANGuardain will log the link target and the description.

See report “Email :: By Sender”.

 

Top Website Domains report

The Website monitoring module has been upgraded to now report on HTTPS domains. Domain information (such as https://facebook.com) and traffic volumes are recorded. Individual URIs are encrypted and cannot be reported. See report “Web :: Top Website Domains”.

 

Bittorrent decoder

The Bittorrent decoder has been upgraded to record Peer Exchange messages (PEX). This increases the detection rate for Bittorrent activity and will record media titles, if included in the PEX message. See report “Bittorrent :: Search by Info Hash”

 

Change lguser password from GUI

Administrators can now set the password for the lguser account, to enable access to the LANGuardian console, to run commands such as tcpdump. See Settings -> System

 

Syslog forwarding of events

A new configuration page has been added to manage the forwarding of events to external syslog collector (SIEM) systems. See Settings -> Alerts Configuration

The following bugs have been resolved in 12.4

2515      URIs containing %0a break csv output

3228      Drilling down fails on certain URLs

3248      Source IP Filter for Top Protocols not being passed to Top Talkers

3279      Flow direction wrong for UDP multicast packets incorrectly reported

3280      Valid BPF value not accepted on sensor settings page

3283      An error is returned when you enter the following bpf filter not net (10.6.0.0/16 or 10.5.0.0/16)

3299     DNS Warning Message during Install

3300      Netscan report reporting IP range a ‘UnKnown’

3317      Sensor status page link status is n/a for all local interfaces

3323      Quotes in IDS signatures displayed as %22