Snort mailing list archives
Re: Upgrade from 1.7 to 1.8?
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 7 Sep 2001 15:18:50 -0700 (PDT)
On Fri, 7 Sep 2001, Thomas Porter, Ph.D. wrote:
> Currently running 1.7 on freebsd 4.2 w/ logging to remote acid on a linux box. I'm real pleased w/ this setup. Can anyone suggest what would compel me to move to 1.8x? I'm not trying to be a wiseguy - I really want to know.
My personal top 3:

1) Stateful inspection
2) More Stability
3) More Optimization in the codebase.

Now, from the NEWS file:

08-14-01

I was planning on getting this release out sooner than this (since it's largely a bugfix release) but my wife and I went and had a baby 2 weeks ago, which affected the schedule a little. ;) Anyway, barring any major problems the Snort 1.x code will now be going into maintenance mode as we begin development on 2.0. This version adds the following:

* SNMP alerts
* IDMEF XML output (the Silicon Defense plugin is integrated into the main codebase now)
* Limited regex support in the rules language
* New packet counters for stream4 and frag2
* New normalization mode for http_decode

And a slew of bug fixes. We should get to work on 2.0 shortly, so hopefully the next release of this NEWS file will be talking about that! (knock on wood...)

07-09-01

Well, this one was a long time coming, but I think it was worth the wait. Snort can now perform stateful inspection, has improved defragmentation capabilities, uses less memory, leaks less of the memory that it does use, is faster, and has a bunch of other good stuff. Truly, this is probably the ultimate development of the 1.X series of Snort. After this version we will begin development on Snort 2.0, which will have a great many new features, be faster and more flexible, and generally be about the finest network intrusion detection system that an open source community can build. See the Changelog (read all the way back to January of this year) for changes and additions, there are far too many to list here.

Some of the highlights include

* stateful inspection
* new tcp stream reassembly code
* new ip defragmenter
* new protocol available for the rules language: ip
* more extensive printouts of cross reference and info in alerts
* new normalizer preprocessors for telnet, rpc
* 2 new output plugins (unified, csv)
* 5 new preprocessors (stream4, frag2, bo, telnet_decode, rpc_decode)
* 10 new rule options
* unique rule IDs
* A whole slew of command line options (7 at last count)
* Mega bug-fixes from 1.7

Snort can now leap tall buildings in a single bound.

Convinced yet? I mean, what other version could leap those buildings? ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net