[Snort-users] Snort 2.3.0 RC1 available for download

Jeremy Hewlett jh at ...1935...
Thu Nov 18 13:38:07 EST 2004

Greetings All!

Snort 2.3.0RC1 has officially been released, hooray!  A big thanks to
everyone in the Snort community for your ideas and testing.  Please check
it out and give us some feedback.  

The following are the release notes for 2.3.0 RC1:

* Added IPS functionality from Snort-Inline.  A big thanks to the
  Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor
  Julien).  Also, Thanks Dan Roelker for doing the integrating of
  Snort-Inline into the official Snort project.

* Added new portscan detector.  The design and implementation was headed
  up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

* Numerous changes for better 64bit Snort support from Jeremy Hewlett and
  Marc Norton.  Additionally, an --enable-64bit-gcc option was added to
  configure.  However, there are still some memory alignment issues to
  work out before 64bit mode is fully functional, patches are welcomed.
  Thanks Chris Baker for doing 64bit testing.

* Added not_established keyword to the flow detection option.  This
  allows snort to do dynamic firewall rulesets.  Experimental for now.

* Added an enforce_state keyword to stream4 so we won't pick up midstream
  sessions.  This works well for asynchronous links and also for
  just monitoring legitimate traffic.

* Relocated ./contrib files to http://www.snort.org/dl/contrib as many
  are not maintained by Sourcefire and are out of date. The rpm and
  schema files have been relocated in their respective 'rpm' and
  'schemas' directories under the snort parent directory.

* perfmonitor config line can now be configured with "accumulate" or
  "reset."  Thanks Marc Norton for the feature, and Barry Basselgia for
  pointing out the issue.  Thanks Scott Dexter and Andreas Ostling for
  doing some initial testing.

* Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson
  and Clay McClure.  Thanks guys.

* Fixed reference times to match log time for first packet, for an event
  generated by a reassembled packet.  Incremented event ID to give
  unique ID for each packet.  Also made unified logging compatible with
  Windows.  Thanks Andrew Mullican for the fix.

* Fixed linux perfmonitoring stats for the 2.6 kernel.  Thanks to
  everyone that reported this bug.  Thanks Dan Roelker for the fix.

* Get thresholding/suppression to work for alerts that do not
  contain an ip header (primarily decode alerts).  Thanks
  Brian Caswell.

* Fix conditions where snort would log double web alerts that
  contained only content options (no uricontents).  Thanks to kawa for
  finding and reporting this bug.

* Fix suppression/thresholding bug for non-rule alerts.  Thanks to
  Alex Butcher for reporting it to us.

* Many other bug fixes, please check the ChangeLog for details.

The Snort manual and FAQ have not yet been updated for this release.
However, the ./doc/* are up to date. RPMS and tarball are at the usual
place, http://www.snort.org/dl. Win32 binary will be up shortly.

Thanks again, and happy Snorting!

The Snort Team

More information about the Snort-users mailing list