[Snort-devel] Snort 2.9.1 RC Now Available
rmkml at ...2519...
Tue Jul 19 16:39:46 EDT 2011
Congratulations Snort Team!
Two small typos in the ChangeLog, please:
On Tue, 19 Jul 2011, Snort Releases wrote:
> Snort 2.9.1 RC is now available on snort.org, at
> http://www.snort.org/snort-downloads/ in the Latest Development
> Release section.
> 2.9.0 RC & later packages are signed with a new PGP key
> (that is signed with the previous key).
> NOTE: Snort 2.9.1 requires pkg-config be installed for some
> of its autoconf processing. See details below.
> Snort 2.9.1 introduces the following new capabilities:
> * Protocol aware reassembly support for HTTP and DCE/RPC
> preprocessors. Updates to Stream5 allowing Snort to more
> intelligently inspect HTTP and DCE/RPC requests and responses.
> See README.stream5 subsection related to Protocol Aware Flushing
> * SIP preprocessor to identify SIP call channels and provide
> rule access via new rule option keywords. Also includes new
> preprocessor rules for anomalies in the SIP communications.
> See the Snort Manual and README.sip for details.
> * POP3 & IMAP preprocessors to decode email attachments in
> Base64, Quoted Printable, and uuencode formats, and updates
> to SMTP preprocessor for decoding email attachments encoded
> as Quoted Printable and uuencode formats. See the Snort
> Manual, README.pop, README.imap, and README.SMTP for details.
> * Support for reading large pcap files.
> * Logging of HTTP URL (host and filename), SMTP attachment
> filenames and email recipients to unified2 when Snort generates
> events on related traffic.
> * IP Reputation preprocessor, allowing Snort to blacklist or
> whitelist packets based on their IP addresses. This preprocessor
> is still in an experimental state, so please report any issues
> to the Snort team. See README.reputation for more information.
> Additionally, the following updates and improvements have been made:
> * Updates to give shared library rules direct access to gzip
> decoding capabilities.
> * Rule Option Improvements:
> - Updates to content modifier http_cookie to not include
> the HTTP header names themselves in the buffer. This change
> may affect existing rules that leverage this keyword.
> - Updates to the file_data and base64_data rule option keywords
> and added a pkt_data rule option keyword that sets the buffer
> to be used for subsequent content/pcre/etc rule options.
> - Updates to the tcp flag rule option keyword to support 'C'
> and 'E' for CWR and ECN bits.
> - Updates to byte_extract rule option keyword to support
> the same string formats as with byte_test and byte_jump.
> * Updates to Snort's build infrastructure and autoconf script
> for portability and improved checks for library dependencies.
> To facilitate easier building of Snort on many of the different
> platforms supported, Snort now uses pkg-config to check for
> certain library locations. Obtain pkg-config from freedesktop.org.
> * Many updates and improvements to the Snort documentation. Special
> thanks to all of the contributors from the Snort community for
> working with us and making the documentation more accurate and
> * Updates to the sensitive data preprocessor for handling HTTP
> traffic and reducing false positives.
> * Updates to Snort's config parsing to provide more meaningful
> error messages relating to snort.conf errors and configuration
> display at startup.
> * Updates to Snort's active response packets whether via response
> keyword or part of inline normalization.
> * Improvements to HTTP Inspect processing of chunked HTTP data.
> Additional HTTP Inspect alerts for evasion attempts such as small
> chunks and excessive whitespace in folded headers.
> * Updates to the statistics Snort prints to console or syslog
> at exit for different preprocessors.
> Please see the Release Notes and ChangeLog for more details.
> Please submit bugs, questions, and feedback to snort-beta at ...2780...
> Happy Snorting!
> The Snort Release Team
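The announcement notes that http_cookie no longer includes the HTTP header names in its buffer and that existing rules may be affected. The script below is an added example, not code from the Snort project or from either poster: it audits rule text for content matches bound to http_cookie that still contain a "Cookie:" or "Set-Cookie:" header name. The function names and the sample rules (messages, sids, patterns) are constructed for illustration.

```python
import re

# One rule option: keyword, optional ":argument", terminating ";".
# Quoted arguments may contain ";" and backslash-escaped characters.
OPTION = re.compile(r'\s*([\w.]+)\s*(?::((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def decode_content(arg):
    """Turn a content argument such as "Cookie|3A 20|id=" into raw bytes."""
    m = re.search(r'"((?:\\.|[^"\\])*)"', arg)
    if not m:
        return b""
    out = bytearray()
    for i, part in enumerate(m.group(1).split("|")):
        if i % 2:   # odd segments sit between pipes: hex bytes
            out += bytes.fromhex(part.replace(" ", ""))
        else:       # even segments are literal text with \-escapes
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)

def audit_rule(rule):
    """Return decoded http_cookie contents that still carry a header name."""
    body = rule[rule.find("(") + 1 : rule.rfind(")")]
    findings, last = [], None
    for key, arg in OPTION.findall(body):
        if key == "content":
            last = decode_content(arg)      # modifiers apply to this content
        elif key == "http_cookie" and last is not None:
            if b"cookie:" in last.lower():  # matches Cookie: and Set-Cookie:
                findings.append(last)
    return findings

# Constructed sample rules: A needs review, B and C do not.
HDR = "alert tcp $EXTERNAL_NET any -> $HOME_NET 80 "
SAMPLE_RULES = [
    HDR + '(msg:"constructed A"; content:"Cookie|3A| SESSION="; '
          'http_cookie; sid:1000001;)',
    HDR + '(msg:"constructed B"; content:"SESSION="; nocase; '
          'http_cookie; sid:1000002;)',
    HDR + '(msg:"constructed C"; content:"Set-Cookie|3A 20|"; http_header; '
          'content:"admin=1"; http_cookie; sid:1000003;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for hit in audit_rule(rule):
            print("review http_cookie content", hit, "in:", rule[:70])
```

Rules it reports should be rewritten to match only the cookie data, or moved to a header buffer if the header name itself is what matters.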