[Snort-sigs] Suricata 0.9.2 RC3 Released

Matt Jonkman jonkman at ...829...
Fri Jun 18 10:32:20 EDT 2010

The OISF development team is proud to announce Suricata 0.9.2 / RC3, the
Open Source Intrusion Detection and Prevention engine. We're working
towards our first stable release, currently scheduled for July 1st 2010.

Get the new release here:

New features

- native support for Endace DAG card was added
- content inspecting keywords are now also inspected against the
reassembled stream
- support for the http_uri content modifier was added
- content inspection for dce keywords was added
- support for the rate_filter keyword was added


- uricontent scanning was improved
- asn1 keyword was improved
- memory leaks have been fixed
- entries spanning multiple lines in the threshold.config are now supported
- introduction of lockless ringbuffers for packet queues

Known issues & missing features

We have made significant progress towards reaching our first full
(non-beta) release of Suricata.  Your feedback is always important to us
and we appreciate your time and effort. As always, we are doing our best
to make you aware of continuing development and items within the engine
that are not yet complete.  With this in mind, please notice the list we
have included of known items we are working on.

- Inconsistent time stamps in http log file due to handling & updating
of the http state.
- DCE/RPC over udp is not currently supported.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- Due to timing issues, matches in the reassembled stream sometimes
seemingly appear too early in the stream

https://redmine.openinfosecfoundation.org/projects/suricata/issues for
an up to date list and to report new issues.


Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc

More information about the Snort-sigs mailing list