[Snort-devel] IDS: Snort 1.8.2 released

Martin Roesch roesch at ...402...
Sat Nov 10 02:22:05 EST 2001


Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner at ...508...
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo at ...508...
-----------------------------------------------------------------------------
Snort 1.8.2 is available for download at http://www.snort.org!  

This is mostly a bugfix release, Snort is now more stable and more
usable than it's been in quite a while, and should do a good job of
tiding people over while we transition to 2.0 and the codebase gets a
little more "fluid".

Here's the list of fixes:

    * fixed UTC timestamps
    * fixed SIGUSR1 handling, should reset properly now after getting 
      a signal on all platforms
    * fixed PID path generation code, PID files go in the right place
now
    * fixed stability problems in stream4
    * fixed stability problems in frag2
    * tweaks to spo_unified for better integration with barnyard
    * added -f switch to turn off fflush() calls in binary logging mode
    * added new config keyword to stream4, "log_flushed_streams", which 
      causes all buffered packets in the stream reassembler for that 
      session to be logged in the event of an event on that stream (must 
      be used in conjunction with spo_log_tcpdump)
    * added packet precacheing for flexresp TCP packets, responses 
      should be generated more quickly
    * fixed rules parser code for various failure modes
    * several new rules files and a new classification system
    * 60+ new rules since the last release added

After this release we're going to reorganize the whole source tree and
do a quick 1.9 version with the new code layout.  Once that's done,
we're going to begin coding 2.0 in earnest in December, hopefully doing
our initial release sometime in the February time frame.

Snort 1.8.2 is available in the following package types at
http://www.snort.org on the Downloads page:
* source tarball
* RPM (10 flavors)
* Solaris Package
* OpenBSD Package
* FreeBSD Package
* win32 executable installer

Enjoy!


     -Marty

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-devel mailing list