Snort mailing list archives

Snort 2.3 CVS branch, and new features


From: Jeremy Hewlett <jh () sourcefire com>
Date: Mon, 13 Sep 2004 17:16:59 -0400


Hello!

The new features planned for Snort-2.3 have been checked into CVS
under the SNORT_2_3 branch. We're pretty excited about the new
features! First on the list is Snort-Inline (woo!). This was a big
accomplishment, and took the efforts of many people. A big thanks to
the following people for their hard work and heading up the
Snort-Inline project -

Jed Haile
Rob McMillen
William Metcalf
Victor Julien

Thanks to these guys and the Snort-Inline community for their
continued efforts in making this into an excellent feature.

Also, thanks to Dan Roelker of Sourcefire for integrating Snort-Inline
into the official project and ironing out issues that popped up during
the process.

The inline feature set includes only the core inline functionality.
This means that DROP, SDROP, and REJECT rule-types are supported. A
couple of new features were also added during the integration effort,
which provide inline state and dropping packets with bad checksums.
The Snort-Inline project will continue to develop new inline features,
so for the latest advancements in inline functionality, please
refer to the Snort-Inline project. Further documentation can be found
in doc/README.INLINE and the Snort-Inline website at
http://snort-inline.sf.net.

Next up is a new portscan detection engine - sfPortscan. This engine
was developed to detect TCP/UDP/ICMP/IP protocol scans and sweeps. In
addition to this, it detects decoy and distributed portscans, and can
distinguish between filtered and unfiltered scans. When portscan alerts
are generated, the details of the portscan are logged along with it.
This information gives the analyst details on how many ports were
scanned, ranges, number of IPs scanned, IP ranges, and what ports were
open on the target. For more information, please see
doc/README.sfportscan. The design and implementation were headed up
by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

This release also includes various bug fixes; please refer to the
ChangeLog for further information. Also, please remember that this is
not considered to be an official stable release or candidate. Standard
CVS disclaimer applies.  However, for those living on the
bleeding-edge, we encourage you to check it out and give us feedback.

Lastly, we've updated the "Our Team" page at snort.org; check it out
at http://www.snort.org/team.html

Thanks for your time, please let us know what you think!

Cheers,
The Snort Team

