Introduction
This article discusses the new features in Farsight’s latest release of the
Advanced Exchange Access (AXA) toolkit, version 1.2.0.
For background on Farsight Security’s Security Information Exchange (SIE) and AXA itself, it is recommended that you be comfortable with the material in the following Farsight Security Blog articles:
- Farsight’s Advanced Exchange Access, Part 1 of 3
- Farsight’s Advanced Exchange Access, Part 2 of 3
- Farsight’s Advanced Exchange Access, Part 3 of 3
Bug Fixes and New Features
The following new features and bug fixes are available in AXA 1.2.0 which
is available here and here.
- Add command
status: Added a status command to retrieve current connection details. Example:
sra> connect tls:[email protected],1021 * HELLO srad version 1.1.1 mschiffm AXA protocol 1 sra> status connected to "srad version 1.1.1 mschiffm AXA protocol 1" sra.sie-remote.net,1021 connected for: 3 seconds TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384 zlib compression 0 packets remaining to print of 0 total
Add support for new channels: In
1.2.0we added support for DNS Errors and NXD Channels viaetc/fields.Add pidfile support for
sratunnel: We added an option tosratunnelto allow the user to specify a pidfile. This allows for easy management of daemonizedsratunnelprocesses.Updated help: The help has been updated to be a bit clearer and easier to read.
Fix
print_sie_newdomain(): There was a NULL pointer dereference that resulted in a crash. The bug was triggered when a pathologicalnewdomainSOA message was printed in “non-verbose” mode.Fix
axa_str_to_cidr(): Patched to remove a false negative error condition.Fix
axa_get_token(),axa_vlog_msg(),dns_to_key(),trie_free(): Multiple corner-case bugs fixed.
Stay tuned for further updates!
Mike Schiffman is a Packet Esotericist for Farsight Security, Inc.
