[Snort-devel] Snort 2.8.5 Beta Now Available

rmkml rmkml at ...879...
Thu May 14 09:39:09 EDT 2009

First, Congratulations SF team for this new version!
Im found a segfault with this new version with this rule:
  alert tcp any any -> any any (msg:"snort v2.8.5 beta SegFault"; content:"test"; within:; nocase; sid:987654321; rev:1;)
Yes, within keyword don't have value! and snort crash with nocasei keyword...
look my very simple snort.conf:
  dynamicpreprocessor directory dynamic-preprocessors/build/usr/local/lib/snort_dynamicpreprocessor/
  dynamicengine dynamic-plugins/sf_engine/.libs/libsf_engine.so
  preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
and sid 987654321 of course!

Please add my pseudo to Credits file and my company: Crusoe Researches.
Happy Detect (snort,bro,azwalaro)

On Thu, 14 May 2009, Snort Releases wrote:

> A beta version of Snort 2.8.5 is now available on snort.org, at
> http://www.snort.org/dl/
> Snort 2.8.5 introduces:
> - Ability to specify multiple configurations (snort.conf and everything
>  it includes), bound either by Vlan ID or IP Address.  This allows you
>  to run one instance of Snort with multiple snort.conf, rather than
>  having separate processes.
> - Continued inspection of traffic while reloading a configuration.
>  Add --enable-reload option to your configure script prior to building.
> - Rate Based Attack prevention for Connection Attempts, Concurrent
>  Connections, and improved rule/event filtering.  See README.filters
>  for details.
> - SSH preprocessor (no longer experimental)
> - Performance improvements in various places
> Please see the Release Notes and ChangeLog for more details.
> Please submit bugs, questions, and feedback to snort-beta at ...2780...
> Happy Snorting!
> The Snort Release Team

More information about the Snort-devel mailing list