[Snort-users] Snort 2.0 Released!

Martin Roesch roesch at ...1935...
Mon Apr 14 08:59:10 EDT 2003


Snort 2.0 has been released and is available at http://www.snort.org.  
Snort 2.0 is the result of many months of effort on the part of dozens 
of people and has a slew of new features:

* Enhanced high-performance detection engine
* Stateful Pattern Matching
* New detection keywords: byte_test & byte_jump
* The Snort code base has undergone an external third party  
professional security audit funded by Sourcefire
   (http://www.sourcefire.com)
* Many new and updated rules
* snort.conf has been updated
* Enhancements to self preservation mechanisms in stream4 and frag2
* State tracking fixes in stream4
* New HTTP flow analyzer
* Enhanced protocol decoding (TCP options, 802.1q, etc)
* Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, 
etc)
* Enhanced flexresp mode for real-time TCP session sniping
* Better chroot()'ing
* Tagging system updated
* Several million bugs addressed....
* Updated FAQ (thanks to Erek Adams and Dragos Ruiu)

Snort 2.0 can be downloaded at 
http://www.snort.org/dl/snort-2.0.0.tar.gz.  Binary versions of the 
code base will be built over the next several days and made available 
at snort.org.

Thanks to everyone who has contributed and helped out over the past 
several months!

      -Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list