Snort mailing list archives
Snort 2.8.4 Release Imminent
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Mon, 6 Apr 2009 14:52:00 -0400
The Snort 2.8.4 Release is Imminent, most likely in the next two days. When this happens, the only way to stay current with detection for anything DCERPC related will be to upgrade Snort. The VRT will not be releasing detection that does not use the new dcerpc2 Preprocessor. What this means is, the only version of Snort that will get new rules for anything DCERPC related will be 2.8.4. There will be nothing released that is backwards compatible. It is not possible to do so.

On the upside though, the number of rules that will be needed in the NetBIOS category will be reduced greatly. This will make rule management a lot easier. Previously, a lot of detection and decoding was being done with the rules themselves; with the new Preprocessor this is no longer necessary. Thus the huge reduction in rules and increase in simplicity of the rules themselves.

Additionally, as stated on the Rules download page on Snort.org:

******************************************
Snort rule packages for Subscribers and Registered users track the latest feature set for any Major.X release. This means that rule packages can contain features that only exist in the latest version of snort for a given Major.X release.

A simple example is: When 2.8.4 is released it becomes the current version of Snort, then the snortrules-snapshot-2.8 packages WILL utilize features not supported in 2.8.3 and earlier.
******************************************

Finally, if you use OinkMaster to download rules automatically, the release of the New 2.8 snapshot rule packages with the new rules will cause your snort to fail to start if it is not upgraded to Snort 2.8.4 with dcerpc2 enabled.

Keep an eye on the mailing lists, snort.org and the VRT Blog. Release is imminent.

Additional information here:

http://vrt-sourcefire.blogspot.com/2009/04/snort-284-is-nigh.html
http://vrt-sourcefire.blogspot.com/2009/02/important-snort-rule-changes-and-new.html
http://vrt-sourcefire.blogspot.com/2009/02/dcerpc2-ruleset-now-available.html
http://www.snort.org/vrt/tools/using-dcerpc2.html
http://www.snort.org/vrt/tools/README.dcerpc2

--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
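
An added example (not part of the original message and not Sourcefire or OinkMaster code): a pre-flight gate to run before an automated rule download, so that the failure mode described above (new 2.8 rule packages on a Snort older than 2.8.4, or without dcerpc2 enabled) is caught before the sensor is restarted. The function names, the `snort -V` banner format and the single-file check for an uncommented `preprocessor dcerpc2` line are assumptions; a configuration split across `include` files needs each file checked.

```shell
#!/bin/sh
# Pre-flight gate for automated Snort rule updates (added example).
# Assumption: "snort -V" prints a banner containing "Version X.Y.Z".

# Constructed sample banners (build numbers are placeholders).
SAMPLE_OLD='  o"  )~   Version 2.8.3.2 (Build 0)'
SAMPLE_NEW='  o"  )~   Version 2.8.4 (Build 0)'

# Read banner text on stdin, print the dotted version number.
parse_snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n1
}

# version_ge A B: succeed when dotted version A >= B (numeric per field).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$lowest" = "$2" ]
}

# Succeed when the config has an uncommented "preprocessor dcerpc2" line.
# The old "preprocessor dcerpc:" line and commented lines do not count.
has_dcerpc2() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+dcerpc2([[:space:]:]|$)' "$1"
}

# preflight "<snort -V output>" <snort.conf>
# Returns 0 when it is safe to pull the new 2.8 snapshot rules,
# 1 when the update should be held, 2 when the version is unreadable.
preflight() {
    ver=$(printf '%s\n' "$1" | parse_snort_version)
    if [ -z "$ver" ]; then
        echo "cannot determine Snort version" >&2
        return 2
    fi
    if ! version_ge "$ver" 2.8.4; then
        echo "Snort $ver is older than 2.8.4: hold rule update" >&2
        return 1
    fi
    if ! has_dcerpc2 "$2"; then
        echo "dcerpc2 not enabled in $2: hold rule update" >&2
        return 1
    fi
    return 0
}

# Usage (paths are assumptions for illustration):
#   preflight "$(snort -V 2>&1)" /etc/snort/snort.conf &&
#       oinkmaster.pl -o /etc/snort/rules
```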