[Snort-devel] Snort 2.3.0 RC2 released
jh at ...402...
Wed Dec 15 08:19:03 EST 2004
Thanks to everyone who tested and commented on the Snort 2.3.0 RC1
release. Your support is, as always, very much appreciated.

Since Snort 2.3.0 RC1 was released, we've added some new functionality,
and wanted to go ahead and do another Release Candidate once more before
final. The main features of this release are some new rule option
features to byte_jump that can be used for advanced SMB exploit
detection. New rules that use this functionality will be available
shortly from http://www.snort.org.

So without further delay, we're pleased to announce the availability of
Snort 2.3.0 RC2. The following bulleted items are the complete release
notes for RC2:

* Added from_beginning and multiplier options for byte_jump.
  from_beginning skips bytes from the beginning of the content,
  instead of from the location immediately following the number
  of bytes to skip. multiplier takes a numeric argument, and
  skips x times that number of bytes. Thanks Steve Sturges.
* Updated documentation on flow_depth and HTTP headers per
  conversations with Joe Patterson. Thanks Joe!
* Small performance improvement to arpspoof and also fixed a problem
  where the list of configured IP/MAC entries would contain only one
  entry and leaked memory. Thanks Jeff Nathan.
* Fixed a problem affecting MacOS X where linking may fail with
  non-standard libraries when global symbols are encountered multiple
  times. Thanks Jeff Nathan.
* Ignore RST|ACK midstream pickup case so we don't get evasive TCP
  alerts. Thanks for the report, Sekure. Thanks Dan Roelker for the fix.
* Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the
  logdir config will work if the default or command-line logdir does not
  exist on the system. Thanks Dan Roelker.
* Fixed bug when setting the doe_ptr on a successful pcre match.
  It is now set relative to base_ptr. Thanks Steve Sturges for the
* In "fast" output, now log only actual packet contents when UDP
  data length is greater than actual data length. Thanks Brian
  Caswell for spotting this, and Andrew Mullican for working on the fix.

Further details can be found in the ChangeLog. Thanks again for the
support, and please let us know what you think of this release.

The Snort Team
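
The byte_jump arithmetic described in the first release note, as an added example that is not part of the original announcement and not Snort's own code: a simplified Python model of how multiplier and from_beginning change where the detection cursor lands. The function signature, the constructed sample buffer and its field layout, and the out-of-bounds handling are assumptions made for illustration.

```python
# Simplified model of byte_jump cursor arithmetic (illustrative, not Snort source).
from typing import Optional


def byte_jump(payload: bytes, nbytes: int, offset: int, *, cursor: int = 0,
              relative: bool = False, little: bool = False,
              multiplier: int = 1, from_beginning: bool = False) -> Optional[int]:
    """Return the new cursor position, or None if the option cannot match."""
    start = (cursor if relative else 0) + offset
    end = start + nbytes
    if start < 0 or end > len(payload):
        return None                       # the field itself is out of bounds
    value = int.from_bytes(payload[start:end], "little" if little else "big")
    jump = value * multiplier             # multiplier scales the extracted number
    base = 0 if from_beginning else end   # default base: just past the field
    target = base + jump
    if target > len(payload):
        return None                       # assumed: a jump past the payload fails
    return target


# Constructed sample message (not a capture of any real protocol):
#   bytes 0-3    magic
#   byte  4      length of the parameter block, counted in 2-byte words
#   bytes 5-10   parameter block (3 words)
#   bytes 11-12  little-endian offset of the data, measured from byte 0
#   bytes 13-15  padding
#   bytes 16-19  data
SAMPLE = b"\xffMSG" + b"\x03" + b"AABBCC" + b"\x10\x00" + b"\x00" * 3 + b"DATA"


def walk_sample() -> dict:
    """Show each option's effect on the constructed buffer."""
    plain = byte_jump(SAMPLE, 1, 4)                     # count taken as bytes
    scaled = byte_jump(SAMPLE, 1, 4, multiplier=2)      # count taken as words
    # Follow the offset field that sits where the scaled jump landed.
    after_field = byte_jump(SAMPLE, 2, 0, cursor=scaled, relative=True,
                            little=True)
    absolute = byte_jump(SAMPLE, 2, 0, cursor=scaled, relative=True,
                         little=True, from_beginning=True)
    return {"plain": plain, "scaled": scaled,
            "after_field": after_field, "absolute": absolute}


if __name__ == "__main__":
    print(walk_sample())
```

Without multiplier the first jump stops inside the parameter block, and without from_beginning the second jump is measured from the end of the offset field and runs off the end of the buffer.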