IDS mailing list archives

Snort 2.2.0 released


From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 12 Aug 2004 18:51:46 -0400

Hi everyone,

Snort 2.2.0 has been released and is available at http://www.snort.org/dl/snort-2.2.0.tar.gz

New features include:

* New TCP state engine in stream4
* ASN.1 parsing and detection functionality added to rules language
  (sp_asn1)
* Stream logging added, individual stream segment packets are logged
  for events on rebuilt streams instead of the pseudopacket (for
  unified and pcap logging)
* New Aho-Corasick pattern matchers
* Webroot alert for HTTP directory traversal attacks

Fixes:

* Rebuilt TCP packet munging reported by Steve Halligan. Thanks for your
  help getting pcaps so we could analyze this bug.
* Improved TCP stream flushing as reported by Brian Bailey. Thanks for
  your help working on this with us.
* Chunked encoding false positives fixed in http_inspect. Thanks Lindsey
  Cheng for finding the problem.
* Turned off http_inspect alerts that were causing false positives in the
  preset webserver profiles.
* Turn off encoding alerts in HTTP parameter field.  The parameter field
  is still normalized, it just doesn't alert.  This helps reduce alerts
  that are generated from complex parameter queries.
* Fixed memory leak in "fast" output.  Thanks for your bug report
  sekure () gmail com.

Fixes since RC1:

* Updated database schema diagram from Chris Reid. Schema can be found
  in ./doc/snort_schema_v106.pdf
* Added --include-pcre* configuration option to help cross compiling.
  Thanks Erik de Castro Lopo.
* Fixed thresholding/suppression issue with queuing multiple events per
  packet. Thanks Andreas Ostling.
* Turned off http_inspect alerts that were causing false positives in the
  preset webserver profiles (Thanks Dan Roelker).
* Turn off encoding alerts in HTTP parameter field. The parameter field
  is still normalized, it just doesn't alert. This helps reduce alerts
  that are generated from complex parameter queries (Thanks Dan Roelker).
* Fixed memory leak in "fast" output. Thanks for your bug report
  sekure () gmail com.
* Clear error code which under Windows was causing a subsequent false
  failure in parsing threshold rules. (Thanks to Rich Adamson)

Further details can be found in Changelog and RELEASE.NOTES.

Thanks!
The Snort Team

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

