[Snort-devel] Snort 2.0 Released!
roesch at ...402...
Mon Apr 14 08:59:20 EDT 2003
Snort 2.0 has been released and is available at http://www.snort.org.
Snort 2.0 is the result of many months of effort on the part of dozens
of people and has a slew of new features:
* Enhanced high-performance detection engine
* Stateful Pattern Matching
* New detection keywords: byte_test & byte_jump
* The Snort code base has undergone an external third party
professional security audit funded by Sourcefire
* Many new and updated rules
* snort.conf has been updated
* Enhancements to self preservation mechanisms in stream4 and frag2
* State tracking fixes in stream4
* New HTTP flow analyzer
* Enhanced protocol decoding (TCP options, 802.1q, etc)
* Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP,
* Enhanced flexresp mode for real-time TCP session sniping
* Better chroot()'ing
* Tagging system updated
* Several million bugs addressed....
* Updated FAQ (thanks to Erek Adams and Dragos Ruiu)
Snort 2.0 can be downloaded at
http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the
code base will be built over the next several days and made available
Thanks to everyone who has contributed and helped out over the past
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-devel