Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 2.9.6 Now Available

From: Snort Releases <snortreleases () snort org>
Date: Thu, 23 Jan 2014 15:31:34 -0500
Snort 2.9.6 is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.

NOTE: There is an update to the DAQ library as well to address
a few items on different platforms.

Snort 2.9.6 includes changes for the following:

2014-01-23 - Snort 2.9.6.0
[*] New additions

  * Add support to do file specific processing within DCERPC preprocessor
    for files being transferred over SMB.

  * File capture and storage -- saves files as they traverse the network
    via a new preprocessor that ties in support within HTTP, FTP, SMTP,
    POP, IMAP, and SMB.  See README.file and README.file_server (under
    tools/file_server) for details.

  * Add <= and >= operators to byte_test rule option.

  * Update SMTP to detect Cyrus SASL authentication attack.

  * Add capability to capture a single session from start to end.

  * EXPERIMENTAL: Add support to leverage file type identification in
    snort rules.  See README.file_ips for details.

[*] Improvements

  * Only inject active responses when a TCP session is established.

  * Update the POP and IMAP protocols to support simple PAF for improved
    identification and capture of files.

  * Update SMTP, POP, IMAP to improve inspection when mime boundaries are
    split across packets.

  * Address issue to address end of line incorrectly for Quoted Printable
    email attachments.

  * Handle out of order SSL handshake in SMTP when STARTTLS is used and
    fix checks for SSL type only within the SSL hand shake.

  * Update sensitive data preprocessor to handle a stateful search of
    patterns across multiple packets.

  * Address a few issues in the Snort manual and other READMEs for
    flowbits and tunneling.

  * Save off packet data for quicker debugging in case of a SIGABRT or
    SIGBUS.

  * Fix alignment of sfxhash node for SPARC platforms.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs () snort org.

Happy Snorting!
The Snort Release Team


------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: