[Snort-devel] Snort 1.8.6 is Available!

Chris Green cmg at ...402...
Mon Apr 8 15:14:19 EDT 2002


This is the first official announcement of a new Snort version in
several months and it contains a multitude of fixes over previous
versions.  While the official releases have gone very slowly lately,
the development of snort has picked up immensely.

1.8.4 and 1.8.5 both had bugs that were found right as we were ready
to do a full release and represented good midway points but 1.8.6
should be the stable target.

http://www.snort.org/dl/snort-1.8.6.tar.gz

This release has many many fixes over 1.8.3.  Lots of bugs in stream4
have been ironed out thanks to Phil Wood and myself staring at various
lines of code for hours on end.

The major "gotcha" with this release will be that rules with <- used
as the direction operator are no longer accepted.  This is a bug fix
in that it was assumed to be -> before (unless you compiled with a
specific define set).

* The ICMP decoders have been rewritten.
* (This is a summary of recent changes -- not all mine)
* Fixed stream4 offset initialization
* Double Open of snort log file
* Lots of new rules
* Fatal error on problems other than -> and <>
* Fixed stream4 several low memory conditions
* Error checking in stream4/frag2 argument parsing
* snort-db schema updates to 1.05
* --with-pcap-includes should now look at specified pcap
* packet statistics now should be more accurate with regards to lost frags
* double PID file write
* S4 alignment problems on SPARC fixed (rpc_decode still has SPARC
  alignment errors)
* new snmptrap code
* documentation updates
* Stability fixes in frag2
* SEQ / ACK checking should be correct (reported by Judy Novak; fix --
  Phil Wood)
* Reassembled packets with stream4 will now also be inspected when
  using -z est (reported by Andrea Barisani -- thanks for the
  patience)
* ip fragments are now calculated correctly (reported by Judy Novak)
* rule headers correctly matched (Christian Mock)
  ( multiple CIDR performance greatly increased )

Unfortunately, I've forgotten a lot of the names that I should be
thanking here so please forgive me if you haven't been mentioned.

Packages for various platforms will be uploaded as available


Help Needed:

We are trying very hard to have a great snort.org rules database full
of information to help us all spend less time researching events that
our sensors pick up.  Just pick 1 signature from
http://www.snort.org/snort-db/unfinished.html, queue it up and submit
the template ( http://www.snort.org/snort-db/snort-sid-template.txt )
to snort-sigs at lists.sourceforge.net

Our full request for help is here:

http://www.snort.org/snort-db/help-us.html

I'd also like to extend thanks to everyone that has been contributing to
the database.  Putting in a few definitions really helps out.
-- 
Chris Green <cmg at ...402...>
http://www.sourcefire.com http://www.snort.org
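
A pre-upgrade check for the direction-operator change announced above, as an added example that is not part of the original message or of the Snort code base: it scans rule text and reports every rule whose direction field is anything other than -> or <>. The sample rules, the function names and the restriction to the five standard rule actions are assumptions of this example.

```python
VALID_DIRECTIONS = {"->", "<>"}
# Assumption: only these standard actions mark a line as a rule.
RULE_ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}


def logical_lines(text):
    """Yield (first_line_no, joined_line), joining trailing-backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def check_directions(text):
    """Return [(line_no, operator_or_None, rule)] for rules not using -> or <>."""
    findings = []
    for n, line in logical_lines(text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # Header is everything before the option block: action proto src sport dir dst dport
        header = stripped.split("(", 1)[0].split()
        if not header or header[0] not in RULE_ACTIONS:
            continue  # var, include, preprocessor, output and similar lines
        op = header[4] if len(header) > 4 else None
        if op not in VALID_DIRECTIONS:
            findings.append((n, op, stripped))
    return findings


# Constructed sample rule set (not taken from the Snort distribution).
SAMPLE_RULES = r"""
var HOME_NET 10.0.0.0/8
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed inbound"; content:"test";)
alert tcp $HOME_NET 23 <- $EXTERNAL_NET any (msg:"constructed reversed";)
log udp any any <> $HOME_NET 53 (msg:"constructed bidirectional";)
alert icmp $EXTERNAL_NET any \
    <- $HOME_NET any (msg:"constructed continued";)
"""

if __name__ == "__main__":
    for n, op, rule in check_directions(SAMPLE_RULES):
        print(f"line {n}: direction {op!r} not accepted: {rule}")
```

Rules flagged with <- need their source and destination fields swapped and the operator rewritten as -> to keep the meaning the rule author intended.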




