[Snort-openappid] Snort 2.9.7.0 Alpha is now available.

Snort Releases snortreleases at ...1...
Tue Feb 25 10:05:08 EST 2014


Snort 2.9.7 Alpha is now available on snort.org, at
http://www.snort.org/snort-downloads/  in the Development section.

Snort 2.9.7 includes a major new feature for to Application Identification,
our openappid capability.

[*] New additions
   * Application Identification Preprocessor, when used in conjunction with
     open app ID detector content, that will identify application protocol,
     client, server, and web applications and include the info in Snort 
alert
     data.  In addition, a new rule option keyword 'appid' that can be 
used to
     constrain Snort rules based on one or more applications that are 
identified
     for the connection.  See README.appid for details.  Please report 
issues or
     ask questions specific to open app ID via a new mailing 
list:snort-openappid at ...2...

   * A new protected_content rule option that is used to match against a 
content
     that is hashed.  It can be used to obscure the full context of the 
rule from
     the administrator.

   * Protocol Aware Flushing (PAF) improvements for SMTP, POP, and IMAP to
     more accurately process different portions of email messages and file
     attachments.

[*] Improvements
   * Update active response to allow for responses of 1500+ bytes that span
     multiple TCP packets.

   * Check limits of multiple configurations to not exceed a maximum ID 
of 4095.

   * Updated the error ouptput of byte_test, byte_jump, byte_extract to
     including details on offending options for a given rule.

   * Update build and install scripts to install preprocessor and engine 
libraries
     into user specified libdir.


See the Release Notes and ChangeLog for more details.

Please submit other bugs, questions, and feedback tobugs at ...3...

Happy Snorting!
The Snort Release Team





More information about the Snort-openappid mailing list