[Snort-openappid] Snort 126.96.36.199 Alpha is now available.
snortreleases at ...1...
Tue Feb 25 10:05:08 EST 2014
Snort 2.9.7 Alpha is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.
Snort 2.9.7 includes a major new feature for to Application Identification,
our openappid capability.
[*] New additions
* Application Identification Preprocessor, when used in conjunction with
open app ID detector content, that will identify application protocol,
client, server, and web applications and include the info in Snort
data. In addition, a new rule option keyword 'appid' that can be
constrain Snort rules based on one or more applications that are
for the connection. See README.appid for details. Please report
ask questions specific to open app ID via a new mailing
list:snort-openappid at ...2...
* A new protected_content rule option that is used to match against a
that is hashed. It can be used to obscure the full context of the
* Protocol Aware Flushing (PAF) improvements for SMTP, POP, and IMAP to
more accurately process different portions of email messages and file
* Update active response to allow for responses of 1500+ bytes that span
multiple TCP packets.
* Check limits of multiple configurations to not exceed a maximum ID
* Updated the error ouptput of byte_test, byte_jump, byte_extract to
including details on offending options for a given rule.
* Update build and install scripts to install preprocessor and engine
into user specified libdir.
See the Release Notes and ChangeLog for more details.
Please submit other bugs, questions, and feedback tobugs at ...3...
The Snort Release Team
More information about the Snort-openappid