Snort mailing list archives
Re: Snort-devel Digest, Vol 5, Issue 2
From: Rajkumar <rpandi () unm edu>
Date: Wed, 11 Oct 2017 15:59:47 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This version is released fixing all bugs in preprocessors including stream5. Raj On 10/11/2017 11:06 AM, snort-devel-request () lists snort org wrote:
Send Snort-devel mailing list submissions to > snort-devel () lists snort org > > To subscribe or unsubscribe via the
World Wide Web, visit > https://lists.snort.org/mailman/listinfo/snort-devel > or, via email, send a message with subject or body 'help' to > snort-devel-request () lists snort org > > You can reach the person managing the list at > snort-devel-owner () lists snort org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Snort-devel digest..." > > > Today's Topics: > > 1. Snort 2.9.11.0 has been released! (Snort Releases) > 2. Re: [Snort-sigs] Snort 2.9.11.0 has been released! > (Joel Esler (jesler)) > > > ---------------------------------------------------------------------- >
Message: 1 > Date: Wed, 11 Oct 2017 12:28:29 -0400 > From: Snort
Releases <snortreleases () snort org> > To: snort-users () lists snort org, snort-sigs () lists snort org, > snort-devel () lists snort org, snort-openappid () lists snort org > Subject: [Snort-devel] Snort 2.9.11.0 has been released! > Message-ID: <e9735b82-c16f-c48e-c52c-7fb96c311ad6 () snort org> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > Please join the Snort team as we welcome the addition of Snort 2.9.11.0 > to general availability! > > Snort 2.9.11.0 can be downloaded from the usual location on Snort.org > <https://www.snort.org/downloads>. > > Below are the release notes: > > > Snort 2.9.11 > [*] New additions > > > Changes to eliminate Snort restart when there are changes to the memory > allocated for preprocessors, by releasing unused or least recently used
memory when needed. > Added support for storing filenames in Unicode
for SMB protocol. > Added implementation of hostPortCache versioning for unknown flows in > AppID to detect and block BitTorrent. > > > [*] Improvements > > > Enhanced RTSP metadata parsing to match the user-agent field to detect > RTSP traffic over Windows Media. > Performance improvement when SYN rate limit has reached and drop is > configured as next action > Control-socket and side-channel support for FreeBSD platform. > Fixed issue in file signature lookup for retransmitted FTP packet. > Enhanced the processing of SIP/RTP future flows without ignoring them. > Changes made in PDF/SWF decompression by adding boundary to the size of > the decompressed data. > Added a null check to prevent copy unless debugHostIp is configured in > AppId. > Fixed issue where FTP file type block doesn't work for retried download.
Resolved issue where Snort is inappropriately handling traffic for
which > AppId was creating future flow. > Performance improvements for SIP/RTP audio and video data flow in AppId. > Performance and stability improvements in FTP preprocessor like > incorrect referencing of ftp_data_session after its pruned. > Stability improvement by resolving valgrind reported issues in AppId. > Improved flushing mechanism for HTTP POST header. > Added changes to display AppId for IPv6 unified events. > Fixed issues with printing of messages for out-of-order packets. > Fixed issue in increment of detection filter counter when rule is used > in multiple configurations. > Fixed dynamic preprocessor compilation failure in OpenBSD platform. > Added changes to improve performance of ipvar list comparison. > Enhanced SMTP client detection by allowing line folding and all > authentication methods. > > As always, join the conversation over on the Snort-Users list > <https://www.snort.org/community> for any installation or upgrade > assistance! > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20171011/5084c4ac/attachment-0001.html>
------------------------------ > > Message: 2 > Date: Wed, 11 Oct
2017 17:06:22 +0000 > From: "Joel Esler (jesler)" <jesler () cisco com> > To: Glenn Ungaro <gungaro () necscorp com> > Cc: "snort-team(mailer list)" <snort-team () cisco com>, > "snort-sigs () lists snort org" <snort-sigs () lists snort org>, > "snort-devel () lists snort org" <snort-devel () lists snort org>, > "snort-openappid () lists snort org" <snort-openappid () lists snort org>, > "snort-users () lists snort org" <snort-users () lists snort org> > Subject: Re: [Snort-devel] [Snort-sigs] Snort 2.9.11.0 has been > released! > Message-ID: <7570F0C6-15C7-4C09-A68A-0FF9CC61F287 () cisco com> > Content-Type: text/plain; charset="utf-8" > > We do not control PFSense?s upgrade cycle. You will have to ask the PFSense developers via their forums to upgrade the version of Snort inside the PFSense system. > > -- > Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com> > > >
On Oct 11, 2017, at 12:54 PM, Glenn Ungaro
<gungaro () necscorp com<mailto:gungaro () necscorp com>> wrote: > > Any chance this will be available for pfSense as well? > > > Glenn Ungaro > Asst. Network Administrator > Northeast Computer Corp. > gungaro () necscorp com<mailto:gungaro () necscorp com> > > > On Oct 11, 2017, at 12:28 PM, Snort Releases <snortreleases () snort org<mailto:snortreleases () snort org>> wrote: > > > Please join the Snort team as we welcome the addition of Snort 2.9.11.0 to general availability! > > Snort 2.9.11.0 can be downloaded from the usual location on Snort.org<https://www.snort.org/downloads>. > > Below are the release notes: > > > Snort 2.9.11 > [*] New additions > > > Changes to eliminate Snort restart when there are changes to the memory allocated for preprocessors, by releasing unused or least recently used memory when needed. > Added support for storing filenames in Unicode for SMB protocol. > Added implementation of hostPortCache versioning for unknown flows in AppID to detect and block BitTorrent. > > > [*] Improvements > > > Enhanced RTSP metadata parsing to match the user-agent field to detect RTSP traffic over Windows Media. > Performance improvement when SYN rate limit has reached and drop is configured as next action > Control-socket and side-channel support for FreeBSD platform. > Fixed issue in file signature lookup for retransmitted FTP packet. > Enhanced the processing of SIP/RTP future flows without ignoring them. > Changes made in PDF/SWF decompression by adding boundary to the size of the decompressed data. > Added a null check to prevent copy unless debugHostIp is configured in AppId. > Fixed issue where FTP file type block doesn't work for retried download. > Resolved issue where Snort is inappropriately handling traffic for which AppId was creating future flow. > Performance improvements for SIP/RTP audio and video data flow in AppId. > Performance and stability improvements in FTP preprocessor like incorrect referencing of ftp_data_session after its pruned. > Stability improvement by resolving valgrind reported issues in AppId. > Improved flushing mechanism for HTTP POST header. > Added changes to display AppId for IPv6 unified events. > Fixed issues with printing of messages for out-of-order packets. > Fixed issue in increment of detection filter counter when rule is used in multiple configurations. > Fixed dynamic preprocessor compilation failure in OpenBSD platform. > Added changes to improve performance of ipvar list comparison. > Enhanced SMTP client detection by allowing line folding and all authentication methods. > > As always, join the conversation over on the Snort-Users list<https://www.snort.org/community> for any installation or upgrade assistance! > > _______________________________________________ > Snort-sigs mailing list > Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org> > https://lists.snort.org/mailman/listinfo/snort-sigs > > http://www.snort.org > > Please visit http://blog.snort.org for the latest news about Snort! > > Visit the Snort.org<http://Snort.org> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>! > > _______________________________________________ > Snort-sigs mailing list > Snort-sigs () lists snort org<mailto:Snort-sigs () lists snort org> > https://lists.snort.org/mailman/listinfo/snort-sigs > > http://www.snort.org > > Please visit http://blog.snort.org for the latest news about Snort! > > Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>! > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20171011/2abf9ae9/attachment.html>
------------------------------ > > Subject: Digest Footer > >
_______________________________________________ > Snort-devel mailing list > Snort-devel () lists snort org > https://lists.snort.org/mailman/listinfo/snort-devel > > > ------------------------------ > > End of Snort-devel Digest, Vol 5, Issue 2 > ***************************************** -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ3pRSAAoJEN9aK+cL7XQJTOcP/19xgLDsf2bUzib1xNwpgeth cjkWFFcpAa8de7OVCNHOyzRCfY6QOgih7XeacOsXco+KlmOOYNXEcNSVUkIx4R9H sQEukbrevVSWCjkuG8l/OE1nalkCQZm9UVOAOP0MgpgGFlGOAqdWXkmXQ/Isrddb OmArImRucNsR044xVlsrYdf0hlKqDt/FHDTwtezNE4fOcJIm+G9Q/WEK66YsrEkg Wg/WraiA1BzpVH59XBzQ+i/pRJC4Nkm0x4eonwwi2hJ8bsnJTr+6y860mkALC6Xh qZjXiLtOBSGaXiB8nRvTCyJjdLwY97qfR5YMhm8m84zoXUAhgzQbbUqPojuNqvBy 4XcO3tgd7PuYNUeUSUSd+jAP3G6bSSuDuKP4UHPWjp3cld5JhUnIMnGP+rU/f104 wstfaIV6qpr8lASl/zNUQufV6BbfdETzYwV+3whHTWIx9uc9di3iC51Gth9bFb2M IQS/L0SqkH7HqB9F0cvTAH+weaXUsthrH2ryNAAe7z6hz74lI9pD7bNxCma3djap 6d7drP37J2OjSwp6b1mVpgSESXjZEQkfEVsk92x+nXNJZbQXvs7yX1Wj+w/Q5AM8 qC9DqXRps47UoXAuzXX21gKhj0dTtX7lF/p2WBK+I8rDe2SsaiLUo044Fw/tF6hC /u5M9IJup4u3bNDmpzbu =vpT1 -----END PGP SIGNATURE----- _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Snort-devel Digest, Vol 5, Issue 2 Rajkumar (Oct 11)