[Snort-devel] Snort 2.2.0-RC1 available

Jeremy Hewlett jh at ...402...
Tue Jun 29 09:05:10 EDT 2004


Good afternoon!

The first release candidate of Snort v2.2 is available! We ask that
everyone give it a whirl and let us know what you think.  Source and
Win32 installer are currently available, RPMs are coming shortly.

The major features/fixes of Snort 2.2.0 RC1 include:

* Added new TCP state engine

* Added ASN.1 parsing and detection functionality to snort.  Please
  refer to README.asn1 for more information on rule usage.

* Fixed rebuilt TCP packet munging reported by Steve Halligan.  Thanks
  a lot for getting this problem down to pcap so we could analyze the
  problem.

* Improve TCP reassembly flushing for TCP streams that have already
  generated an alert.  This was illustrated by Brian Bailey in his
  SANS GIAC practical examination.  Thanks for working with us on this
  one.

* Added webroot alert.  This alert is generated when a URL directory
  traversal traverses past the webroot.  Added new URI discovery
  technique pointed out by Kanatoko. Please see doc/README.http_inspect
  for more details.

* New Aho-Corasick pattern matchers.  Added content length tracking on
  otnx structures.

* Chunked Encoding false positives fixed in http_inspect. Thanks
  Lindsey Cheng for finding the problem.

* Updated RPMs - please see contrib/rpm/CHANGES.rpms for further
  details.

The Snort documentation for 2.2 is still a work in progress, and has
not yet been completely updated. To that end, if anyone has any
suggestions on improvements for documentation, please send them to Brian
Caswell and myself.

...and as always, a big thank you to the community for your continued
support and suggestions!

Cheers,
The Snort Team



