[Snort-devel] [Snort-users] Snort 2.9.8 Now Available
snort at ...3347...
Tue Dec 1 12:08:54 EST 2015
I just threw in a quick test VM and Snort 188.8.131.52 seems to start up fine with the 184.108.40.206 rules (including so) tarball.
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 220.127.116.11 GRE (Build 229)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.5.3
Using PCRE version: 8.31 2012-07-06
Using ZLIB version: 1.2.8
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
Rules Object: protocol-snmp Version 1.0 <Build 1>
Rules Object: protocol-other Version 1.0 <Build 1>
Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
Snort successfully validated the configuration!
From: Dr. Stephen Gantz <stephen.gantz at ...3626...>
Sent: Tuesday, December 1, 2015 1:36 AM
To: Snort Releases; snort-devel at lists.sourceforge.net; snort-users at ...204...urceforge.net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available
Any issue with running 18.104.22.168 rules with this release pending a 2.9.8 ruleset?
Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz at ...3626...<mailto:stephen.gantz at ...3626...>
-------- Original message --------
From: Snort Releases <snortreleases at ...835...>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel at lists.sourceforge.net, snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort 2.9.8 Now Available
Snort 2.9.8 is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.
2015-11-17 - Snort 22.214.171.124
[*] New additions
* SMBv2/SMBv3 support for file inspection.
* Port override for metadata service in IPS rules.
* AppID Lua detector performance profiling.
* Perfmon dumps stats at fixed intervals from absolute time.
* New preprocessor alert (120:18) to detect SSH tunneling over HTTP
* New config option |disable_replace| to disable replace rule option.
* New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
* New shell script in tools to create simple Lua detectors for AppID.
* sfip_t refactored to use struct in6_addr for all ip addresses.
* Post-detection callback for preprocessors.
* AppID support for multiple server/client detectors evaluating on same flow.
* AppID API for DNS packets.
* Memory optimizations throughout.
* Support sending UDP active responses.
* Fix perfmon tracking of pruned packets.
* Stability improvements for AppID.
* Stability improvements for Stream6 preprocessor.
* Added improved support to block malware in FTP preprocessor.
* Added support to differentiate between active and passive FTP connections.
* Improvements done in Stream6 preprocessor to avoid having duplicate packets
in the DAQ retry queue.
* Resolved an issue where reputation config incorrectly displayed 'blacklist' in
priority field even though 'whitelist' option was configured.
* Added support for multiple expected sessions created per packet
* Active response now supports MPLS
Please submit bugs, questions, and feedback to bugs at ...835...<mailto:tobugs at ...835...> or the
Snort-Users mailing list.
The Snort Release Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel