[Snort-users] Snort 2.9.4 Now Available

Joel Esler jesler at ...1935...
Tue Dec 4 12:28:36 EST 2012


It is.  It's just number 12 or so on my list


On Dec 4, 2012, at 12:20 PM, "Weir, Jason" <jason.weir at ...14916...> wrote:

> Joel,
> 
> Any idea when http://labs.snort.org/snort/2940/ will exist and be
> populated?
> 
> Might want to make this part of your build or release procedures as this
> always seems to be an afterthought..
> 
> Thanks,
> Jason
> 
>> -----Original Message-----
>> From: Snort Releases [mailto:snortreleases at ...950...]
>> Sent: Monday, December 03, 2012 3:11 PM
>> To: snort-users at lists.sourceforge.net
>> Subject: [Snort-users] Snort 2.9.4 Now Available
>> 
>> Snort 2.9.4 is now available on snort.org, at
>> http://www.snort.org/snort-downloads/ in the Latest Release section.
>> 
>> ************
>> Please note:
>> 2.9.3.1 & later packages are signed with a new PGP key
>> (that key is signed with the previous key).
>> ************
>> 
>> Snort 2.9.4 includes changes for the following:
>> 
>> [*] New additions
>> 
>>  * Consolidation of IPv6 -- now only a single build supports both
>>    IPv4 & IPv6, and removal of the IPv4 "only" code paths.
>> 
>>  * File API and improvements to file processing for HTTP downloads
>>    and email attachments via SMTP, POP, and IMAP to facilitate
>>    broader file support
>> 
>>  * Use of address space ID for tracking Frag & Stream connections
>>    when it is available with the DAQ
>> 
>>  * Logging of packet data that triggers PPM for post-analysis via
>>    Snort event
>> 
>>  * Decoding of IPv6 with PPPoE
>> 
>>  * Added an API call to add a service to a host in the attribute
> table.
>>    Remove the unused live attribute update code.
>> 
>> [*] Improvements
>> 
>>  * Update to Stream5 PAF for handling gaps in the sequence numbers of
>>    packets being reassembled.
>> 
>>  * Selection of the Stream TCP policy based on the server rather than
>>    the destination of first packet seen by Snort
>> 
>>  * Allow disabling of global thresholds via a count of -1
>> 
>>  * Prevent blocking duplicate SYNs when using inline normalization
>> 
>>  * Add SSLv3 backwards compatibility support for SSLv2 ClientHello
>>    messages
>> 
>>  * Allow active responses to packets without data (eg, a TCP SYN)
>> 
>>  * Changed logic of option evaluations for shared library rules that
>>    use a custom evaluation function to match that of the builtin
> logic
>>    when the NOT_FLAG is used.  The 'NOT' matching now happens within
>>    each of the individual rule option evaluation functions.
>> 
>>  * Updated SMTP preprocessor to better handle commands that have
>>    corresponding data on a subsequent line to reduce false positives.
>>    3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.
>> 
>>  * Improve support for encapsulated & tunneling protocols to block or
>>    fastpath a connection within the tunnel rather applying that to
>>    the whole tunnel.
>> 
>> Please see the Release Notes and ChangeLog for more details.
>> 
>> Please submit bugs, questions, and feedback to bugs at ...10585...
>> 
>> Happy Snorting!
>> The Snort Release Team
>> 
>> 
>> 
> ------------------------------------------------------------------------
> ------
>> Keep yourself connected to Go Parallel:
>> BUILD Helping you discover the best ways to construct your parallel
> projects.
>> http://goparallel.sourceforge.net
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!





More information about the Snort-users mailing list