Snort mailing list archives
Snort 2.2.0-RC1 available
From: Jeremy Hewlett <jh () sourcefire com>
Date: Tue, 29 Jun 2004 12:04:26 -0400
Good afternoon! The first release candidate of Snort v2.2 is available! We ask that everyone give it a whirl and let us know what you think. Source and Win32 installer are currently available, RPMs are coming shorty. The major features/fixes of Snort 2.2.0 RC1 include: * Added new TCP state engine * Added ASN.1 parsing and detection functionality to snort. Please refer to README.asn1 for more information on rule usage. * Fixed rebuilt TCP packet munging reported by Steve Halligan. Thanks a lot for getting this problem down to pcap so we could analyze the problem. * Improve TCP reassembly flushing for TCP streams that have already generated an alert. This was illustrated by Brian Bailey in his SANS GIAC practical examination. Thanks for working with us on this one. * Added webroot alert. This alert is generated when a URL directory traversal traverses past the webroot. Added new URI discovery technique pointed out by Kanatoko. Please see doc/README.http_inspect for more details. * New Aho-Corasick pattern matchers. Added content length tracking on otnx structures. * Chunked Encoding false positives fixed in http_inspect. Thanks Lindsey Cheng for finding the problem. * Updated RPMs - please see contrib/rpm/CHANGES.rpms for further details. The Snort documentation for 2.2 is still a work in progress, and has not yet been completely updated. To that end, if anyone has any suggestions on improvments for documentation, please send it to Brian Caswell and myself. ..and as always, a big thank you to the community for your continued support and suggestions! Cheers, The Snort Team ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.2.0-RC1 available Jeremy Hewlett (Jun 29)