Snort mailing list archives

Snort Blog: Snort 2.9.11.1 has been released!


From: "Joel Esler (jesler) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 4 Jan 2018 16:25:22 +0000



http://blog.snort.org/2018/01/snort-29111-has-been-released.html

Snort 2.9.11.1 has been released!

Release Notes:

2017-12-06 - Snort 2.9.11.1
New Additions


  *   Added support to block portscan. In addition to tracking the scanning packets, action(drop/sdrop/reject) will be 
taken for all the packets, which means Snort will block the packet and generate logs.
  *   Added support to re-evaluate reputation after reputation update for all flows except those that have already been 
blacklisted.

Improvements


  *   Fixed issue to detect RTP up to two SSRC switches in each traffic direction.
  *   Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart 
header and changes to avoid expensive copy of segment data by not splitting them when flushing headers.
  *   Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source ip 
protocol scan.
  *   Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not 
being generated for oversized packets.
  *   Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware 
Cloud Lookup.
  *   Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels 
match the same rule as FTP control channels.
  *   Fixed issue of applying new configuration in file inspection after Snort reload.


We'd like to thank the following Snort Community members for working with us to fix issues released in 2.9.11.1:


Markus Lude

BlueSky

David Binderman

You can download Snort version 2.9.11.1 from its usual location on Snort.org<https://snort.org/downloads>.
Talos<https://www.talosintelligence.com/> will be releasing the ruleset for 2.9.11.1 later today (January 4th, 2018).

As always, you can report issues with Snort via our Snort-devel mailing 
list<https://snort.org/community#mailing_lists>, and continue discussion for users on our Snort-users mailing 
list<https://snort.org/community#mailing_lists>.


Thanks for your support of Snort and Happy New Year!


--
Joel Esler | Talos: Manager | jesler () cisco com<mailto:jesler () cisco com>






_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most
emerging threats<https://snort.org/downloads/#rule-downloads>!
