Snort mailing list archives
Snort 1.8.6 is Available!
From: Chris Green <cmg () sourcefire com>
Date: Mon, 08 Apr 2002 18:13:08 -0400
This is the first official announcement of a new Snort version in several months and it contains a multitude of fixes over previous versions. While the official releases have gone very slowly lately, the development of snort has picked up immensely. 1.8.4 and 1.8.5 both had bugs that were found right as we were ready to do a full release and represented good midway points but 1.8.6 should be the stable target.

http://www.snort.org/dl/snort-1.8.6.tar.gz

This release has many many fixes over 1.8.3. Lots of bugs in stream4 have been ironed out thanks to Phil Wood and myself staring at various lines of code for hours on end.

The major "gotcha" with this release will be that rules with <- used as the direction operator are no longer accepted. This is a bug fix in that it was assumed to be -> before (unless you compiled with a specific define set).

* The ICMP decoders have been rewritten.
* (This is a summary of recent changes -- not all mine)
* Fixed stream4 offset initialization
* Double Open of snort log file
* Lots of new rules
* Fatal error on problems other than -> and <>
* Fixed stream4 several low memory conditions
* Error checking in stream4/frag2 argument parsing
* snort-db schema updates to 1.05
* --with-pcap-includes should now look at specified pcap
* packet statistics now should be more accurate with regards to lost frags
* double PID file write
* S4 alignment problems on SPARC fixed (rpc_decode still has SPARC alignment errors)
* new snmptrap code
* documentation updates
* Stability fixes in frag2
* SEQ / ACK checking should be correct (reported by Judy Novak; fix -- Phil Wood)
* Reassembled packets with stream4 will now also be inspected when using -z est (reported by Andrea Barisani -- thanks for the patience)
* ip fragments are now calculated correctly (reported by Judy Novak)
* rule headers correctly matched (Christian Mock) (multiple CIDR performance greatly increased)

Unfortunately, I've forgotten a lot of the names that I should be thanking here so please forgive me if you haven't been mentioned.

Packages for various platforms will be uploaded as available.

Help Needed:

We are trying very hard to have a great snort.org rules database full of information to help us all spend less time researching events that our sensors pick up. Just pick 1 signature from http://www.snort.org/snort-db/unfinished.html, queue it up and submit the template ( http://www.snort.org/snort-db/snort-sid-template.txt ) to snort-sigs () lists sourceforge net

Our full request for help is here: http://www.snort.org/snort-db/help-us.html

I'd also like to extend thanks to everyone that has been contributing to the database. Putting in a few definitions really helps out.

--
Chris Green <cmg () sourcefire com>
http://www.sourcefire.com
http://www.snort.org
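A pre-upgrade check for the direction-operator "gotcha" described in the announcement, as an added example that is not part of the original post or of the Snort project's code. It assumes the rule header layout "action proto src sport DIR dst dport" with no whitespace inside address lists; the action list, function name and sample rules are constructed for illustration.

```python
import sys

# Rule actions that start a rule line; everything else (var, include,
# preprocessor, output, config) is not a rule header. Assumed list.
RULE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
ACCEPTED_DIRECTIONS = {"->", "<>"}  # the two operators the announcement names


def check_rules(text):
    """Return (line_number, direction, rule_line) for every rule whose
    direction operator is not one of the accepted ones."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Only the header (text before the option block) is inspected, so a
        # "<-" inside content:"..." is not mistaken for the direction operator.
        header = line.split("(", 1)[0].split()
        if not header or header[0] not in RULE_ACTIONS:
            continue
        # Assumed header layout: action proto src sport DIR dst dport
        direction = header[4] if len(header) > 4 else None
        if direction not in ACCEPTED_DIRECTIONS:
            findings.append((lineno, direction, line))
    return findings


# Constructed sample rules for illustration (not from the Snort rule set).
SAMPLE = '''\
# constructed examples
var HOME_NET 10.0.0.0/8
alert tcp any any -> $HOME_NET 80 (msg:"ok one-way"; content:"<-";)
alert tcp $HOME_NET 23 <- any any (msg:"reversed operator";)
log udp any any <> $HOME_NET 53 (msg:"ok bidirectional";)
alert icmp any any => $HOME_NET any (msg:"typo in operator";)
'''

if __name__ == "__main__":
    # With a file argument, check that rules file; otherwise check the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for lineno, direction, line in check_rules(text):
        print(f"line {lineno}: direction {direction!r} not accepted: {line}")
```

Rules flagged with `<-` need their source and destination swapped and the operator changed to `->`, since earlier versions treated `<-` as `->` and the sensor's effective coverage may not have matched what the rule author intended.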