Snort mailing list archives
Re: [Snort-users] Snort 2.9.8 Now Available
From: Y M <snort () outlook com>
Date: Tue, 1 Dec 2015 17:08:54 +0000
Stephen,

I just threw in a quick test VM and Snort 2.9.8.0 seems to start up fine with the 2.9.7.6 rules (including so) tarball.

<snip>
        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.5.3
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.8

           Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
           Rules Object: protocol-snmp Version 1.0 <Build 1>
           Rules Object: protocol-other Version 1.0 <Build 1>
           .....
           Preprocessor Object: SF_SIP Version 1.1 <Build 1>
           Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>

Snort successfully validated the configuration!
Snort exiting
</snip>

YM

________________________________
From: Dr. Stephen Gantz <stephen.gantz () faculty umuc edu>
Sent: Tuesday, December 1, 2015 1:36 AM
To: Snort Releases; snort-devel () lists sourceforge net; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Any issue with running 2.9.7.6 rules with this release pending a 2.9.8 ruleset?

Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz () faculty umuc edu

-------- Original message --------
From: Snort Releases <snortreleases () snort org>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel () lists sourceforge net, snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.9.8 Now Available

Snort 2.9.8 is now available on snort.org at http://www.snort.org/downloads in the Snort Stable Release section.

2015-11-17 - Snort 2.9.8.0

[*] New additions
* SMBv2/SMBv3 support for file inspection.
* Port override for metadata service in IPS rules.
* AppID Lua detector performance profiling.
* Perfmon dumps stats at fixed intervals from absolute time.
* New preprocessor alert (120:18) to detect SSH tunneling over HTTP
* New config option |disable_replace| to disable replace rule option.
* New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
* New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
* sfip_t refactored to use struct in6_addr for all ip addresses.
* Post-detection callback for preprocessors.
* AppID support for multiple server/client detectors evaluating on same flow.
* AppID API for DNS packets.
* Memory optimizations throughout.
* Support sending UDP active responses.
* Fix perfmon tracking of pruned packets.
* Stability improvements for AppID.
* Stability improvements for Stream6 preprocessor.
* Added improved support to block malware in FTP preprocessor.
* Added support to differentiate between active and passive FTP connections.
* Improvements done in Stream6 preprocessor to avoid having duplicate packets in the DAQ retry queue.
* Resolved an issue where reputation config incorrectly displayed 'blacklist' in priority field even though 'whitelist' option was configured.
* Added support for multiple expected sessions created per packet
* Active response now supports MPLS

Please submit bugs, questions, and feedback to bugs () snort org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team
Current thread:
- Snort 2.9.8 Now Available Snort Releases (Nov 30)
- <Possible follow-ups>
- Re: Snort 2.9.8 Now Available Dr. Stephen Gantz (Nov 30)
- Re: [Snort-users] Snort 2.9.8 Now Available Y M (Dec 01)
- Re: [Snort-users] Snort 2.9.8 Now Available Michael Steele (Dec 01)
- Re: [Snort-users] Snort 2.9.8 Now Available Joel Esler (jesler) (Dec 01)
- Re: [Snort-users] Snort 2.9.8 Now Available Y M (Dec 01)
- Re: Snort 2.9.8 Now Available Rafael Paris (Dec 01)
- Re: Snort 2.9.8 Now Available Rafael Leiva-Ochoa (Dec 01)