Snort mailing list archives
Snort 2.9.6 Now Available
From: Snort Releases <snortreleases () snort org>
Date: Thu, 23 Jan 2014 15:31:34 -0500
Snort 2.9.6 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Development section. NOTE: There is an update to the DAQ library as well to address a few items on different platforms. Snort 2.9.6 includes changes for the following: 2014-01-23 - Snort 2.9.6.0 [*] New additions * Add support to do file specific processing within DCERPC preprocessor for files being transferred over SMB. * File capture and storage -- saves files as they traverse the network via a new preprocessor that ties in support within HTTP, FTP, SMTP, POP, IMAP, and SMB. See README.file and README.file_server (under tools/file_server) for details. * Add <= and >= operators to byte_test rule option. * Update SMTP to detect Cyrus SASL authentication attack. * Add capability to capture a single session from start to end. * EXPERIMENTAL: Add support to leverage file type identification in snort rules. See README.file_ips for details. [*] Improvements * Only inject active responses when a TCP session is established. * Update the POP and IMAP protocols to support simple PAF for improved identification and capture of files. * Update SMTP, POP, IMAP to improve inspection when mime boundaries are split across packets. * Address issue to address end of line incorrectly for Quoted Printable email attachments. * Handle out of order SSL handshake in SMTP when STARTTLS is used and fix checks for SSL type only within the SSL hand shake. * Update sensitive data preprocessor to handle a stateful search of patterns across multiple packets. * Address a few issues in the Snort manual and other READMEs for flowbits and tunneling. * Save off packet data for quicker debugging in case of a SIGABRT or SIGBUS. * Fix alignment of sfxhash node for SPARC platforms. See the Release Notes and ChangeLog for more details. Please submit bugs, questions, and feedback to bugs () snort org. Happy Snorting! The Snort Release Team ------------------------------------------------------------------------------ CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 2.9.6 Now Available Snort Releases (Jan 23)
- <Possible follow-ups>
- Snort 2.9.6 Now Available Snort Releases (Jan 23)