Snort mailing list archives
Snort.org Blog: Snort 2.9.1 beta coming soon!
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 11 Jun 2011 12:35:28 -0400
http://blog.snort.org/2011/06/snort-291-beta-coming-soon.html Snort 2.9.1 beta coming soon! Hope you all are enjoying the weekend. We wanted to put out a heads-up for those of you that follow Snort's development closely of our 2.9.1-beta that should be coming very soon. I'm going to post a copy of the release notes here. We'll be doing a breakdown of some of the newest features of Snort 2.9.1 upon it's release along with a webcast. This release fixes a ton of bugs that the community has been asking about recently. We'll post again when the beta release is out, with download links, and an email address about where to provide us feedback. So without further ado, here's the release notes for the 2.9.1 beta: [*] New Additions * HTTP aware TCP reassembly support within HTTP Inspect and Stream5, allowing Snort to more intelligently inspect HTTP requests and responses. See README.stream5 subsection related to Protocol Aware Flushing (PAF). * SIP preprocessor to identify SIP call channels and provide rule access via new rule option keywords. See the Snort Manual and README.sip for details. * POP3 & IMAP preprocessors to decode email attachments in Base64, Quoted Printable, and uuencode formats, and updates to SMTP preprocessor for decoding email attachments encoded as Quoted Printable and uuencode formats. See the Snort Manual, README.pop, README.imap, and README.SMTP for details. * Add support for reading large pcap files. [*] Improvements * Logging of HTTP URL (host and filename), SMTP attachment filenames and email recipients when Snort generates events on related traffic. * Updates to give shared library rules direct access to gzip decoding capabilities. * Rule Option Improvements: - Updates to content modifier http_cookie to not include the HTTP header names themselves in the buffer. This change may affect existing rules that leverage this keyword. - Updates to the file_data and base64_data rule option keywords and added a pkt_data rule option keyword that sets the buffer to be used for subsequent content/pcre/etc rule options. - Updates to the tcp flag rule option keyword to support 'C' and 'E' for CWR and ECN bits. - Updates to byte_extract rule option keyword to support the same string formats as with byte_test and byte_jump. * Updates to Snort's build infrastructure and autoconf script for portability and improved checks for library dependencies. * Many updates and improvements to the Snort documentation. Special thanks to all of the contributors from the Snort community for working with us and making the documentation more accurate and usable. * Updates to the sensitive data preprocessor for handling HTTP traffic and reducing false positives. * Updates to Snort's config parsing to give more meaningful error messages relating to snort.conf errors and configuration display at startup. * Updates to Snort's active response packets whether via response keyword or part of inline normalization. * Improvements to HTTP Inspect processing of chunked HTTP data. * Updates to the statistics Snort prints to console or syslog at exit for different preproessors. * To facilitate easier building of Snort on many of the different platforms supported, Snort now uses pkg-config to check for certain library locations. Obtain pkg-config from freedesktop.org.
------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 11)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Martin Holste (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Russ Combs (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! beenph (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! firnsy (Jun 14)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 14)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Randal T. Rioux (Jun 14)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Joel Esler (Jun 14)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Russ Combs (Jun 13)
- Re: Snort.org Blog: Snort 2.9.1 beta coming soon! Martin Holste (Jun 13)