Snort mailing list archives
Re: [Snort-users] Snort 2.9.8 Now Available
From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 1 Dec 2015 15:25:17 -0500
This is usually the case when a new Snort release is pushed and Sourcefire does not sync the new Snort release with the current rules. The latest usually works, even if the versions do not match. I believe in most cases it's just a filename rename that happens.

However, it brings up another question: Pulledpork extracts the Snort version from the Snort install. What happens when the Snort version fails to find a version of the rules that don't match? Not a problem for Windows because Windows requires a manual switch entry.

Sourcefire has been pretty good lately at making sure, when a new Snort release happens, that the rules filename changes. I have no idea what happened here, but it does cause confusion when this happens.

Sourcefire, can you please sync the rules filename with the new releases when pushed to the general public?

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com
* ~~ FREE WinIDS Snort installation guides ~~
* ~~ FREE support forums ~~
* Snort: Open Source Network IDS - http://www.snort.org
*********************************************************

From: Y M [mailto:snort () outlook com]
Sent: Tuesday, December 1, 2015 12:09 PM
To: Dr. Stephen Gantz <stephen.gantz () faculty umuc edu>
Cc: Snort Releases <snortreleases () snort org>; snort-users () lists sourceforge net; snort-devel () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Stephen,

I just threw in a quick test VM and Snort 2.9.8.0 seems to start up fine with the 2.9.7.6 rules (including so) tarball.

<snip>
        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.5.3
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.8

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
           Rules Object: protocol-snmp  Version 1.0  <Build 1>
           Rules Object: protocol-other  Version 1.0  <Build 1>
           .....
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>

Snort successfully validated the configuration!
Snort exiting
</snip>

YM

_____

From: Dr. Stephen Gantz <stephen.gantz () faculty umuc edu>
Sent: Tuesday, December 1, 2015 1:36 AM
To: Snort Releases; snort-devel () lists sourceforge net; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Any issue with running 2.9.7.6 rules with this release pending a 2.9.8 ruleset?

Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz () faculty umuc edu

-------- Original message --------
From: Snort Releases <snortreleases () snort org>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel () lists sourceforge net, snort-users () lists sourceforge net
Subject: [Snort-users] Snort 2.9.8 Now Available

Snort 2.9.8 is now available on snort.org at http://www.snort.org/downloads in the Snort Stable Release section.

2015-11-17 - Snort 2.9.8.0

[*] New additions
* SMBv2/SMBv3 support for file inspection.
* Port override for metadata service in IPS rules.
* AppID Lua detector performance profiling.
* Perfmon dumps stats at fixed intervals from absolute time.
* New preprocessor alert (120:18) to detect SSH tunneling over HTTP
* New config option |disable_replace| to disable replace rule option.
* New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
* New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
* sfip_t refactored to use struct in6_addr for all ip addresses.
* Post-detection callback for preprocessors.
* AppID support for multiple server/client detectors evaluating on same flow.
* AppID API for DNS packets.
* Memory optimizations throughout.
* Support sending UDP active responses.
* Fix perfmon tracking of pruned packets.
* Stability improvements for AppID.
* Stability improvements for Stream6 preprocessor.
* Added improved support to block malware in FTP preprocessor.
* Added support to differentiate between active and passive FTP connections.
* Improvements done in Stream6 preprocessor to avoid having duplicate packets in the DAQ retry queue.
* Resolved an issue where reputation config incorrectly displayed 'blacklist' in priority field even though 'whitelist' option was configured.
* Added support for multiple expected sessions created per packet
* Active response now supports MPLS

Please submit bugs, questions, and feedback to bugs () snort org or the Snort-Users mailing list.

Happy Snorting!
The Snort Release Team