This article discusses the new features in Farsight’s latest release of the
Advanced Exchange Access (AXA) toolkit, version
For background on Farsight Security’s Security Information Exchange (SIE) and AXA itself, it is recommended that you be comfortable with the material in the following Farsight Security Blog articles:
- Farsight’s Advanced Exchange Access, Part 1 of 3
- Farsight’s Advanced Exchange Access, Part 2 of 3
- Farsight’s Advanced Exchange Access, Part 3 of 3
Bug Fixes and New Features
- Add command
status: Added a status command to retrieve current connection details. Example:
sra> connect tls:email@example.com,1021 * HELLO srad version 1.1.1 mschiffm AXA protocol 1 sra> status connected to "srad version 1.1.1 mschiffm AXA protocol 1" sra.sie-remote.net,1021 connected for: 3 seconds TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384 zlib compression 0 packets remaining to print of 0 total
Add support for new channels: In
1.2.0we added support for DNS Errors and NXD Channels via
Add pidfile support for
sratunnel: We added an option to
sratunnelto allow the user to specify a pidfile. This allows for easy management of daemonized
Updated help: The help has been updated to be a bit clearer and easier to read.
print_sie_newdomain(): There was a NULL pointer dereference that resulted in a crash. The bug was triggered when a pathological
newdomainSOA message was printed in “non-verbose” mode.
axa_str_to_cidr(): Patched to remove a false negative error condition.
- Multiple corner-case bugs fixed.
Stay tuned for further updates!
Mike Schiffman is a Packet Esotericist for Farsight Security, Inc.