Snort mailing list archives

Snort 2.9.6 RC Now Available

From: Snort Releases <snortreleases () snort org>
Date: Thu, 12 Dec 2013 17:12:03 -0500
Snort 2.9.6 RC is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.

NOTE: There is an update to the DAQ library as well to address
a few items on different platforms.

Snort 2.9.6 includes changes for the following:

2013-12-10 - Snort 2.9.6.0 RC
[*] New additions
* Add support to do file specific processing within DCERPC preprocessor
   for files being transferred over SMB.

* File capture and storage -- saves files as they traverse the network
   via a new preprocessor that ties in support within HTTP, FTP, SMTP,
   POP, IMAP, and SMB.  See README.file and README.file_server (under
   tools/file_server) for details.

* Add <= and >= operators to byte_test rule option.

* Update SMTP to detect Cyrus SASL authentication attack.

* Add capability to capture a single session from start to end.

* EXPERIMENTAL: Add support to leverage file type identification in
   snort rules.  See README.file_ips for details.

[*] Improvements
* Only inject active responses when a TCP session is established.

* Update the POP and IMAP protocols to support simple PAF for improved
   identification and capture of files.

* Update SMTP, POP, IMAP to improve inspection when mime boundaries are
   split across packets.

* Address issue to address end of line incorrectly for Quoted Printable
   email attachments.

* Handle out of order SSL handshake in SMTP when STARTTLS is used and
   fix checks for SSL type only within the SSL hand shake.

* Update sensitive data preprocessor to handle a stateful search of
   patterns across multiple packets.

* Address a few issues in the Snort manual and other READMEs for
   flowbits and tunneling.

* Save off packet data for quicker debugging in case of a SIGABRT or
   SIGBUS.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs () snort org.

Happy Snorting!
The Snort Release Team


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:

Snort 2.9.6 RC Now Available Snort Releases (Dec 12)
- <Possible follow-ups>
- Snort 2.9.6 RC Now Available Snort Releases (Dec 12)