[Snort-devel] Snort 2.0 rc1 available

Martin Roesch roesch at ...402...
Wed Mar 26 13:49:05 EST 2003


The Snort 2.0 release candidate 1 is available for your testing.  We've 
been working on and tweaking Snort 2.0 for quite a while now and it's 
looking like it's ready to go.  Please download it and check it out at 
the earliest opportunity.  If you find any bugs, please read the 
doc/BUGS file before submitting a bug report, Snort works on too many 
platforms for us to guess at your configuration!

  This version features:

* Higher performance (due to a new pattern matcher and rebuilt 
detection engine)
* Better decoders
* Enhanced stream reassembly and defragmentation
* Tons of bug fixes
* Updated rules
* Updated snort.conf
* New detection keywords (byte_test, byte_jump, distance, within) & 
stateful pattern matching
* New HTTP flow analyzer
* Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
* Better self preservation in stateful sunsystems
* Xrefs fixed
* Flexresp works faster and more effectively
* Better chroot()'ing
* Fixed 802.1q decoding
* Better async state handling
* New alerting option: -A cmg!!

The source tarball is available at 
http://www.snort.org/dl/snort-2.0.0rc1.tar.gz.  A win32 build will 
follow shortly!

Brought to you by the character ':', the letters 'w' and 'q' and the 
number 0x41414141.  Enjoy!

      -Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-devel mailing list