Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 2.2.0-RC1 available

From: Jeremy Hewlett <jh () sourcefire com>
Date: Tue, 29 Jun 2004 12:04:26 -0400

Good afternoon!

The first release candidate of Snort v2.2 is available! We ask that
everyone give it a whirl and let us know what you think.  Source and
Win32 installer are currently available, RPMs are coming shorty.

The major features/fixes of Snort 2.2.0 RC1 include:

* Added new TCP state engine

* Added ASN.1 parsing and detection functionality to snort.  Please
  refer to README.asn1 for more information on rule usage.

* Fixed rebuilt TCP packet munging reported by Steve Halligan.  Thanks
  a lot for getting this problem down to pcap so we could analyze the
  problem.

* Improve TCP reassembly flushing for TCP streams that have already
  generated an alert.  This was illustrated by Brian Bailey in his
  SANS GIAC practical examination.  Thanks for working with us on this
  one.

* Added webroot alert.  This alert is generated when a URL directory
  traversal traverses past the webroot.  Added new URI discovery
  technique pointed out by Kanatoko. Please see doc/README.http_inspect
  for more details.

* New Aho-Corasick pattern matchers.  Added content length tracking on
  otnx structures.

* Chunked Encoding false positives fixed in http_inspect. Thanks
  Lindsey Cheng for finding the problem.

* Updated RPMs - please see contrib/rpm/CHANGES.rpms for further
  details.

The Snort documentation for 2.2 is still a work in progress, and has
not yet been completely updated. To that end, if anyone has any
suggestions on improvments for documentation, please send it to Brian
Caswell and myself.

..and as always, a big thank you to the community for your continued
support and suggestions!

Cheers,
The Snort Team


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: