[Snort-devel] Snort 2.9.1 RC Now Available

rmkml rmkml at ...2519...
Tue Jul 19 16:39:46 EDT 2011


Congratulations Snort Team!
Two small typos in the ChangeLog, please:
  s/Permon/Perfmon/
  s/Perfomnitor/Perfmonitor/
Regards
Rmkml


On Tue, 19 Jul 2011, Snort Releases wrote:

> Snort 2.9.1 RC is now available on snort.org, at
> http://www.snort.org/snort-downloads/ in the Latest Development
> Release section.
>
> 2.9.0 RC & later packages are signed with a new PGP key
> (that is signed with the previous key).
>
> ****
> NOTE: Snort 2.9.1 requires pkg-config be installed for some
> of its autoconf processing.  See details below.
> ****
>
> Snort 2.9.1 introduces the following new capabilities:
>
>   * Protocol aware reassembly support for HTTP and DCE/RPC
>     preprocessors.  Updates to Stream5 allowing Snort to more
>     intelligently inspect HTTP and DCE/RPC requests and responses.
>     See README.stream5 subsection related to Protocol Aware Flushing
>     (PAF).
>
>   * SIP preprocessor to identify SIP call channels and provide
>     rule access via new rule option keywords.  Also includes new
>     preprocessor rules for anomalies in the SIP communications.
>     See the Snort Manual and README.sip for details.
>
>   * POP3 & IMAP preprocessors to decode email attachments in
>     Base64, Quoted Printable, and uuencode formats, and updates
>     to SMTP preprocessor for decoding email attachments encoded
>     as Quoted Printable and uuencode formats.  See the Snort
>     Manual, README.pop, README.imap, and README.SMTP for details.
>
>   * Support for reading large pcap files.
>
>   * Logging of HTTP URL (host and filename), SMTP attachment
>     filenames and email recipients to unified2 when Snort generates
>     events on related traffic.
>
>   * IP Reputation preprocessor, allowing Snort to blacklist or
>     whitelist packets based on their IP addresses. This preprocessor
>     is still in an experimental state, so please report any issues
>     to the Snort team.  See README.reputation for more information.
>
> Additionally, the following updates and improvements have been made:
>
>   * Updates to give shared library rules direct access to gzip
>     decoding capabilities.
>
>   * Rule Option Improvements:
>
>     - Updates to content modifier http_cookie to not include
>       the HTTP header names themselves in the buffer.  This change
>       may affect existing rules that leverage this keyword.
>
>     - Updates to the file_data and base64_data rule option keywords
>       and added a pkt_data rule option keyword that sets the buffer
>       to be used for subsequent content/pcre/etc rule options.
>
>     - Updates to the tcp flag rule option keyword to support 'C'
>       and 'E' for CWR and ECN bits.
>
>     - Updates to byte_extract rule option keyword to support
>       the same string formats as with byte_test and byte_jump.
>
>   * Updates to Snort's build infrastructure and autoconf script
>     for portability and improved checks for library dependencies.
>     To facilitate easier building of Snort on many of the different
>     platforms supported, Snort now uses pkg-config to check for
>     certain library locations.  Obtain pkg-config from freedesktop.org.
>
>   * Many updates and improvements to the Snort documentation.  Special
>     thanks to all of the contributors from the Snort community for
>     working with us and making the documentation more accurate and
>     usable.
>
>   * Updates to the sensitive data preprocessor for handling HTTP
>     traffic and reducing false positives.
>
>   * Updates to Snort's config parsing to provide more meaningful
>     error messages relating to snort.conf errors and configuration
>     display at startup.
>
>   * Updates to Snort's active response packets whether via response
>     keyword or part of inline normalization.
>
>   * Improvements to HTTP Inspect processing of chunked HTTP data.
>     Additional HTTP Inspect alerts for evasion attempts such as small
>     chunks and excessive whitespace in folded headers.
>
>   * Updates to the statistics Snort prints to console or syslog
>     at exit for different preprocessors.
>
> Please see the Release Notes and ChangeLog for more details.
>
> Please submit bugs, questions, and feedback to snort-beta at ...2780...
>
> Happy Snorting!
> The Snort Release Team