[Snort-devel] Snort 2.2.0-RC1 available
jh at ...402...
Tue Jun 29 09:05:10 EDT 2004
The first release candidate of Snort v2.2 is available! We ask that
everyone give it a whirl and let us know what you think. Source and
Win32 installer are currently available, RPMs are coming shortly.
The major features/fixes of Snort 2.2.0 RC1 include:
* Added new TCP state engine
* Added ASN.1 parsing and detection functionality to snort. Please
refer to README.asn1 for more information on rule usage.
* Fixed rebuilt TCP packet munging reported by Steve Halligan. Thanks
a lot for getting this problem down to pcap so we could analyze the
* Improve TCP reassembly flushing for TCP streams that have already
generated an alert. This was illustrated by Brian Bailey in his
SANS GIAC practical examination. Thanks for working with us on this
* Added webroot alert. This alert is generated when a URL directory
traversal traverses past the webroot. Added new URI discovery
technique pointed out by Kanatoko. Please see doc/README.http_inspect
for more details.
* New Aho-Corasick pattern matchers. Added content length tracking on
* Chunked Encoding false positives fixed in http_inspect. Thanks
Lindsey Cheng for finding the problem.
* Updated RPMs - please see contrib/rpm/CHANGES.rpms for further
The Snort documentation for 2.2 is still a work in progress, and has
not yet been completely updated. To that end, if anyone has any
suggestions on improvements for documentation, please send them to Brian
Caswell and myself.
..and as always, a big thank you to the community for your continued
support and suggestions!
The Snort Team
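The webroot alert in the feature list above fires when a URL directory traversal climbs past the webroot. The following C sketch of that depth-tracking check is an added example, not code from this message or from Snort's http_inspect; the function name and sample URIs are constructed, and the URI is assumed to be already percent-decoded.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if the URI path climbs above the webroot at any point,
 * 0 otherwise. Hypothetical helper for illustration only.
 * Assumption: percent-decoding was applied before this is called. */
int traverses_past_webroot(const char *uri)
{
    int depth = 0;                  /* directories below the webroot */
    const char *p = uri;

    /* Only the path is inspected; stop at the query or fragment. */
    while (*p != '\0' && *p != '?' && *p != '#') {
        if (*p == '/') { p++; continue; }   /* "//" acts like "/" */

        size_t len = strcspn(p, "/?#");     /* length of this segment */

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 1;           /* stepped above the webroot */
        } else if (len == 1 && p[0] == '.') {
            /* "." stays in the current directory */
        } else {
            depth++;                /* ordinary directory or file name */
        }
        p += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample request URIs */
    const char *samples[] = {
        "/a/b/../../index.html",    /* returns to the webroot: no alert */
        "/a/../../x",               /* one level above the webroot: alert */
        "/index.html?f=../../x",    /* ".." only in the query: no alert */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i],
               traverses_past_webroot(samples[i]) ? "ALERT" : "ok");
    return 0;
}
```

A URI that uses ".." but stays at or below the webroot does not trip this check; only a net climb above depth zero does.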