[Snort-devel] Snort 2.9.8 Now Available

Snort Releases snortreleases at ...835...
Mon Nov 30 14:30:30 EST 2015

Snort 2.9.8 is now available on snort.org at

http://www.snort.org/downloads  in the Snort Stable Release section.

2015-11-17 - Snort
[*] New additions
  *  SMBv2/SMBv3 support for file inspection.

  *  Port override for metadata service in IPS rules.

  *  AppID Lua detector performance profiling.

  *  Perfmon dumps stats at fixed intervals from absolute time.

  *  New preprocessor alert (120:18) to detect SSH tunneling over HTTP

  *  New config option|disable_replace|  to disable replace rule option.

  *  New Stream configuration|log_asymmetric_traffic|  to control logging to syslog.

  *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
  *  sfip_t refactored to use struct in6_addr for all ip addresses.

  *  Post-detection callback for preprocessors.

  *  AppID support for multiple server/client detectors evaluating on same flow.

  *  AppID API for DNS packets.

  *  Memory optimizations throughout.

  *  Support sending UDP active responses.

  *  Fix perfmon tracking of pruned packets.
  *  Stability improvements for AppID.

  *  Stability improvements for Stream6 preprocessor.

  *  Added improved support to block malware in FTP preprocessor.

  *  Added support to differentiate between active and passive FTP connections.

  *  Improvements done in Stream6 preprocessor to avoid having duplicate packets
     in the DAQ retry queue.
  *  Resolved an issue where reputation config incorrectly displayed 'blacklist' in
     priority field even though 'whitelist' option was configured.

  *  Added support for multiple expected sessions created per packet

  *  Active response now supports MPLS

Please submit bugs, questions, and feedback tobugs at ...835...   or the

Snort-Users mailing list.

Happy Snorting!

The Snort Release Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20151130/9d97416c/attachment.html>

More information about the Snort-devel mailing list