[Snort-devel] [Snort-users] Snort 2.9.8 Now Available

Y M snort at ...3347...
Tue Dec 1 12:08:54 EST 2015


Stephen,


I just threw in a quick test VM and Snort 2.9.8.0 seems to start up fine with the 2.9.7.6 rules (including so) tarball.


<snip>


--== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.5.3
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.8

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
           Rules Object: protocol-snmp  Version 1.0  <Build 1>
           Rules Object: protocol-other  Version 1.0  <Build 1>

.....

           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>

Snort successfully validated the configuration!
Snort exiting

</snip>



YM


________________________________
From: Dr. Stephen Gantz <stephen.gantz at ...3626...>
Sent: Tuesday, December 1, 2015 1:36 AM
To: Snort Releases; snort-devel at lists.sourceforge.net; snort-users at ...204...urceforge.net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Any issue with running 2.9.7.6 rules with this release pending a 2.9.8 ruleset?



Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz at ...3626...
-------- Original message --------
From: Snort Releases <snortreleases at ...835...>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel at lists.sourceforge.net, snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort 2.9.8 Now Available


Snort 2.9.8 is now available on snort.org at http://www.snort.org/downloads in the Snort Stable Release section.

2015-11-17 - Snort 2.9.8.0
[*] New additions
 *  SMBv2/SMBv3 support for file inspection.

 *  Port override for metadata service in IPS rules.

 *  AppID Lua detector performance profiling.

 *  Perfmon dumps stats at fixed intervals from absolute time.

 *  New preprocessor alert (120:18) to detect SSH tunneling over HTTP.

 *  New config option |disable_replace| to disable replace rule option.

 *  New Stream configuration |log_asymmetric_traffic| to control logging to syslog.

 *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
 *  sfip_t refactored to use struct in6_addr for all ip addresses.

 *  Post-detection callback for preprocessors.

 *  AppID support for multiple server/client detectors evaluating on same flow.

 *  AppID API for DNS packets.

 *  Memory optimizations throughout.

 *  Support sending UDP active responses.

 *  Fix perfmon tracking of pruned packets.

 *  Stability improvements for AppID.

 *  Stability improvements for Stream6 preprocessor.

 *  Added improved support to block malware in FTP preprocessor.

 *  Added support to differentiate between active and passive FTP connections.

 *  Improvements done in Stream6 preprocessor to avoid having duplicate packets
    in the DAQ retry queue.

 *  Resolved an issue where reputation config incorrectly displayed 'blacklist' in
    priority field even though 'whitelist' option was configured.

 *  Added support for multiple expected sessions created per packet.

 *  Active response now supports MPLS.



Please submit bugs, questions, and feedback to bugs at ...835... or the Snort-Users mailing list.



Happy Snorting!

The Snort Release Team

