[Snort-sigs] Snort 2.4.4 and Snort 2.6 Beta Available

Jennifer Steffens jennifer.steffens at ...435...
Wed Mar 8 15:44:01 EST 2006

The Snort Team is pleased to announce the availability of Snort v2.4.4 
and Snort v2.6 Beta (no you didn't blink and miss 2.5, it was an 
internal release only).

**Snort 2.4.4**
The Snort 2.4.4 release fixes an issue where under certain conditions 
the frag3 preprocessor will not properly refragment stream data. 
Improvements have also been made to stream4 and a fix for Snort in 
inline mode was added. Numerous other improvements are detailed in the 
changlog for this release.

Note: This release is currently only available as a source tarball or 
from cvs. Sourcefire's build and QA systems are currently dedicated to 
the upcoming release of the Sourcefire 3D System v4.5. Moving forward we 
will be providing binaries for linux, win32 and OSX. In the meantime, if 
anyone in the community has the resources necessary to provide these 
sooner please let me know.

Release notes and the source tarball are available at 

**Snort 2.6 Beta**
Snort 2.6 Beta is available for testing. Feedback concerning issues with 
Snort 2.6 Beta should be directed to snort-beta at ...3053... We do 
not recommend deploying this beta in a production environment.

Feature highlights:

  * Added Performance Profiling Measurements for rules & preprocessors.
    Enabled via --enable-perfprofiling at configuration time.

  * Added support for dynamically loadable preprocessors, detection
    engine and rules. Enabled via --enable-dynamicplugin at
    configuration time.

  * Addition of dynamically loadable SMTP preprocessor.
    Deprecates xlink2state minipreprocessor.

  * Addition of dynamically loadable FTP/Telnet preprocessor.
    Deprecates telnet_decode preprocessor.

  * Preprocessor configuration validation. Verifies a preprocessor
    configuration, when one preprocessor depends on another preprocessor
    being enabled (HttpInspect depends on Stream for example). Also
    handles 2 part configurations (Frag3 requires at least one
    policy/engine configuration).

  * Longname option support.

  * Stream API to simplify transition to next generation Stream module.
    Flowbits now stored as part of stream, updates to output plugins for
    logging of reassembled packets.  Updates to other preprocessors to
    provide per stream state data.

  * Logging of Generator ID to MySQL database.  Updated database
    schema to add this field. Requires update to BASE.

To get a copy of the Snort 2.6 Beta testing, follow these instructions:

  # cvs -d:pserver:anonymous at ...3210...:/cvsroot login
  # cvs -d:pserver:anonymous at ...3210...:/cvsroot
    co SNORT_2_6 snort_2_6
  # cd snort_2_6
  # sh autojunk.sh
  # ./configure <options here, use -h to see all available options>
  # make
  # make install

You should now have Snort 2.6 Beta installed and ready for use.

Happy Snorting!


Jennifer Steffens
Director, Product Management - Snort
Sourcefire, Inc

More information about the Snort-sigs mailing list