[Snort-users] Snort 2.8.4 Release Imminent

Matt Watchinski mwatchinski at ...1935...
Mon Apr 6 14:52:00 EDT 2009


The Snort 2.8.4 Release is Imminent, most likely in the next two days.
When this happens, the only way to stay current with detection for
anything DCERPC related will be to upgrade Snort. The VRT will not be
releasing detection that does not use the new dcerpc2 Preprocessor.

What this means is, the only version of Snort that will get new rules
for anything DCERPC related will be 2.8.4. There will be nothing
released that is backwards compatible. It is not possible to do so. On
the upside though, the number of rules that will be needed in the
NetBIOS category will be reduced greatly. This will make rule
management a lot easier. Previously, a lot of detection and decoding
was being done with the rules themselves; with the new Preprocessor
this is no longer necessary. Thus the huge reduction in rules and
increase in simplicity of the rules themselves.

Additionally, as stated on the Rules download page on Snort.org:

******************************************
Snort rule packages for Subscribers and Registered users track the
latest feature set for any Major.X release. This means that rule
packages can contain features that only exist in the latest version of
snort for a given Major.X release. A simple example is:

When 2.8.4 is released it becomes the current version of Snort, then
the snortrules-snapshot-2.8 packages WILL utilize features not
supported in 2.8.3 and earlier.
******************************************

Finally, if you use OinkMaster to download rules automatically, the
release of the new 2.8 snapshot rule packages with the new rules will
cause your Snort to fail to start if it is not upgraded to Snort 2.8.4
with dcerpc2 enabled.

Keep an eye on the mailing lists, snort.org and the VRT Blog. Release
is imminent.

Additional information here:
http://vrt-sourcefire.blogspot.com/2009/04/snort-284-is-nigh.html
http://vrt-sourcefire.blogspot.com/2009/02/important-snort-rule-changes-and-new.html
http://vrt-sourcefire.blogspot.com/2009/02/dcerpc2-ruleset-now-available.html
http://www.snort.org/vrt/tools/using-dcerpc2.html
http://www.snort.org/vrt/tools/README.dcerpc2

-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
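
A pre-flight check for the OinkMaster failure described in the post, as an added example that is not part of the original message or of Snort or OinkMaster: it refuses the rule update unless the installed Snort is 2.8.4 or later and the configuration carries an uncommented `preprocessor dcerpc2` line. The function names, the sample banner and the paths in the wiring comment are assumptions for illustration.

```shell
#!/bin/sh
# Gate an automated rule download on Snort >= 2.8.4 with dcerpc2 enabled.

# version_ge HAVE NEED: succeed when dotted version HAVE >= NEED.
version_ge() {
    vg_have=$1 vg_need=$2
    while [ -n "$vg_have" ] || [ -n "$vg_need" ]; do
        vg_h=${vg_have%%.*}; vg_n=${vg_need%%.*}
        if [ "${vg_h:-0}" -gt "${vg_n:-0}" ]; then return 0; fi
        if [ "${vg_h:-0}" -lt "${vg_n:-0}" ]; then return 1; fi
        case $vg_have in *.*) vg_have=${vg_have#*.} ;; *) vg_have= ;; esac
        case $vg_need in *.*) vg_need=${vg_need#*.} ;; *) vg_need= ;; esac
    done
    return 0
}

# snort_version: read the `snort -V` banner on stdin, print e.g. 2.8.4.
snort_version() {
    sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# dcerpc2_enabled CONF: succeed when CONF has an uncommented
# "preprocessor dcerpc2" line; the old "dcerpc" preprocessor, the
# "dcerpc2_server" line alone, and commented-out lines do not count.
dcerpc2_enabled() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+dcerpc2[[:space:]]*(:|$)' "$1"
}

# safe_to_update BANNER CONF: 0 = ok, 1 = update would stop Snort
# from starting, 2 = version could not be determined.
safe_to_update() {
    su_ver=$(printf '%s\n' "$1" | snort_version)
    if [ -z "$su_ver" ]; then echo "cannot parse Snort version" >&2; return 2; fi
    if ! version_ge "$su_ver" 2.8.4; then
        echo "Snort $su_ver is older than 2.8.4; skipping rule update" >&2; return 1
    fi
    if ! dcerpc2_enabled "$2"; then
        echo "dcerpc2 not enabled in $2; skipping rule update" >&2; return 1
    fi
}

# Constructed sample banner line (not captured from a real sensor).
SAMPLE_BANNER='  o"  )~   Version 2.8.3.2 (Build 22)'

# Wiring (paths are assumptions for illustration):
#   safe_to_update "$(snort -V 2>&1)" /etc/snort/snort.conf \
#       && oinkmaster.pl -o /etc/snort/rules
```

Running `snort -T -c` against the updated rules before restarting the sensor remains the definitive check; this gate only stops the download from being applied to a sensor that cannot load it.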



