[Snort-users] Suricata 0.9.1 RC2 Available!

Matt Jonkman jonkman at ...4024...
Wed May 26 12:24:28 EDT 2010

The OISF development team is proud to introduce the second release
candidate release of Suricata, the Open Source Intrusion Detection and
Prevention engine. We're working towards our first stable release,
currently schedules for July 1st 2010.

Get the new release here:

New features

- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful


- multiple regressions in the detection engine causing false negatives
were fixed
- many accuracy and stability improvements were made
- icmp handling in the flow engine was improved

Known issues & missing features

We have made significant progress towards reaching our first full
(non-beta) release of Suricata.  Your feedback is always important to us
and we appreciate your time and effort. As always, we are doing our best
to make you aware of continuing development and items within the engine
that are not yet complete.  With this in mind, please notice the list we
have included of known items we are working on.

- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in http log file due to handling & updating
of the http state.
- DCE/RPC over udp is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- signatures using the uricontent keyword might generate multiple alerts
for the same event

See https://redmine.openinfosecfoundation.org/projects/suricata/issues
for an up to date list and to report new issues.


Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc

More information about the Snort-users mailing list