[Snort-devel] [Snort-users] Snort 2.9.8 Now Available

Michael Steele michaels at ...2826...
Tue Dec 1 15:25:17 EST 2015


This is usually the case when a new Snort release is pushed and Sourcefire
does not sync the new Snort release with the current rules. The latest
usually works, even if the versions do not match. I believe in most cases
it's just a filename rename that happens.

However, it brings up another question: Pulledpork extracts the Snort
version from the Snort install. What happens when the Snort version fails to
find a version of the rules that matches? Not a problem for Windows,
because Windows requires a manual switch entry.

Sourcefire has been pretty good lately at making sure that when a new Snort
release happens, the rules filename changes. I have no idea what
happened here, but it does cause confusion when this happens.

Sourcefire, can you please sync the rules filename with the new releases when
they are pushed to the general public?

Kindest regards,

Michael...

WINSNORT.com Management Team Member

--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
*  Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

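An added example (not from this thread, and not PulledPork's own code) of the version-to-ruleset matching Michael raises above: it pulls the version out of the Snort startup banner, looks for an exact rules snapshot, and otherwise falls back to the newest older snapshot while flagging the mismatch so an operator can see it. The snortrules-snapshot-NNNN.tar.gz filename pattern and the tarball list are assumptions made for the example.

```python
import re

# Constructed sample of the banner Snort prints at startup; the Version line
# mirrors the "Version 2.9.8.0 GRE (Build 229)" output quoted in the thread.
SAMPLE_BANNER = """   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team
"""

# Constructed list of rules tarballs as they might be listed for download.
# The snortrules-snapshot-NNNN.tar.gz naming is an assumption for this example.
AVAILABLE_TARBALLS = [
    "snortrules-snapshot-2970.tar.gz",
    "snortrules-snapshot-2976.tar.gz",
    "snortrules-snapshot-2980.tar.gz",
]

VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\.(\d+)\.(\d+)")
# One digit per version component (2.9.7.6 -> 2976), as the assumed naming uses.
TARBALL_RE = re.compile(r"snortrules-snapshot-(\d)(\d)(\d)(\d)\.tar\.gz$")


def parse_snort_version(banner):
    """Return the (major, minor, patch, build) tuple from a Snort banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no 'Version a.b.c.d' line found in banner")
    return tuple(int(x) for x in m.groups())


def choose_ruleset(version, tarballs):
    """Pick a rules tarball for a Snort version.

    Returns (filename, exact).  exact=True means the snapshot matches the
    running Snort version; exact=False means the newest older snapshot was
    chosen and the caller should log the mismatch.  (None, False) when no
    usable snapshot exists (never pick a snapshot newer than the engine).
    """
    older = []
    for name in tarballs:
        m = TARBALL_RE.search(name)
        if not m:
            continue  # ignore files that do not follow the snapshot naming
        tarball_version = tuple(int(x) for x in m.groups())
        if tarball_version == version:
            return name, True
        if tarball_version < version:
            older.append((tarball_version, name))
    if not older:
        return None, False
    return max(older)[1], False
```

A fallback to an older snapshot keeps the sensor running, but the mismatch should be logged and resolved rather than silently accepted, since the older ruleset lacks whatever the new release's rules add.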
 

From: Y M [mailto:snort at ...3347...] 
Sent: Tuesday, December 1, 2015 12:09 PM
To: Dr. Stephen Gantz <stephen.gantz at ...3626...>
Cc: Snort Releases <snortreleases at ...835...>;
snort-users at lists.sourceforge.net; snort-devel at lists.sourceforge.net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Stephen,

I just threw in a quick test VM and Snort 2.9.8.0 seems to start up fine
with the 2.9.7.6 rules (including so) tarball.

<snip>

--== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.8.0 GRE (Build 229)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
           Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.5.3
           Using PCRE version: 8.31 2012-07-06
           Using ZLIB version: 1.2.8

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
           Rules Object: protocol-snmp  Version 1.0  <Build 1>
           Rules Object: protocol-other  Version 1.0  <Build 1>
.....
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>

Snort successfully validated the configuration!
Snort exiting

</snip>

YM


From: Dr. Stephen Gantz <stephen.gantz at ...3626...>
Sent: Tuesday, December 1, 2015 1:36 AM
To: Snort Releases; snort-devel at lists.sourceforge.net; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort 2.9.8 Now Available

Any issue with running 2.9.7.6 rules with this release pending a 2.9.8
ruleset?


Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz at ...3626...

-------- Original message --------
From: Snort Releases <snortreleases at ...835...>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel at lists.sourceforge.net, snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort 2.9.8 Now Available

Snort 2.9.8 is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.
 
2015-11-17 - Snort 2.9.8.0
[*] New additions
 *  SMBv2/SMBv3 support for file inspection.
 *  Port override for metadata service in IPS rules.
 *  AppID Lua detector performance profiling.
 *  Perfmon dumps stats at fixed intervals from absolute time.
 *  New preprocessor alert (120:18) to detect SSH tunneling over HTTP.
 *  New config option |disable_replace| to disable replace rule option.
 *  New Stream configuration |log_asymmetric_traffic| to control logging to
    syslog.
 *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
 *  sfip_t refactored to use struct in6_addr for all IP addresses.
 *  Post-detection callback for preprocessors.
 *  AppID support for multiple server/client detectors evaluating on the same
    flow.
 *  AppID API for DNS packets.
 *  Memory optimizations throughout.
 *  Support sending UDP active responses.
 *  Fix perfmon tracking of pruned packets.
 *  Stability improvements for AppID.
 *  Stability improvements for Stream6 preprocessor.
 *  Added improved support to block malware in FTP preprocessor.
 *  Added support to differentiate between active and passive FTP
    connections.
 *  Improvements done in Stream6 preprocessor to avoid having duplicate
    packets in the DAQ retry queue.
 *  Resolved an issue where reputation config incorrectly displayed
    'blacklist' in the priority field even though the 'whitelist' option was
    configured.
 *  Added support for multiple expected sessions created per packet.
 *  Active response now supports MPLS.
 
Please submit bugs, questions, and feedback to bugs at ...835... or the
Snort-Users mailing list.

Happy Snorting!

The Snort Release Team
 