[Snort-users] Snort 2.9.4 Now Available

Weir, Jason jason.weir at ...14916...
Tue Dec 4 12:20:24 EST 2012


Joel,

Any idea when http://labs.snort.org/snort/2940/ will exist and be
populated?

Might want to make this part of your build or release procedures as this
always seems to be an afterthought..

Thanks,
Jason

> -----Original Message-----
> From: Snort Releases [mailto:snortreleases at ...950...]
> Sent: Monday, December 03, 2012 3:11 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 2.9.4 Now Available
> 
> Snort 2.9.4 is now available on snort.org, at
> http://www.snort.org/snort-downloads/ in the Latest Release section.
> 
> ************
> Please note:
> 2.9.3.1 & later packages are signed with a new PGP key
> (that key is signed with the previous key).
> ************
> 
> Snort 2.9.4 includes changes for the following:
> 
> [*] New additions
> 
>   * Consolidation of IPv6 -- now only a single build supports both
>     IPv4 & IPv6, and removal of the IPv4 "only" code paths.
> 
>   * File API and improvements to file processing for HTTP downloads
>     and email attachments via SMTP, POP, and IMAP to facilitate
>     broader file support
> 
>   * Use of address space ID for tracking Frag & Stream connections
>     when it is available with the DAQ
> 
>   * Logging of packet data that triggers PPM for post-analysis via
>     Snort event
> 
>   * Decoding of IPv6 with PPPoE
> 
>   * Added an API call to add a service to a host in the attribute
table.
>     Remove the unused live attribute update code.
> 
> [*] Improvements
> 
>   * Update to Stream5 PAF for handling gaps in the sequence numbers of
>     packets being reassembled.
> 
>   * Selection of the Stream TCP policy based on the server rather than
>     the destination of first packet seen by Snort
> 
>   * Allow disabling of global thresholds via a count of -1
> 
>   * Prevent blocking duplicate SYNs when using inline normalization
> 
>   * Add SSLv3 backwards compatibility support for SSLv2 ClientHello
>     messages
> 
>   * Allow active responses to packets without data (eg, a TCP SYN)
> 
>   * Changed logic of option evaluations for shared library rules that
>     use a custom evaluation function to match that of the builtin
logic
>     when the NOT_FLAG is used.  The 'NOT' matching now happens within
>     each of the individual rule option evaluation functions.
> 
>   * Updated SMTP preprocessor to better handle commands that have
>     corresponding data on a subsequent line to reduce false positives.
>     3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.
> 
>   * Improve support for encapsulated & tunneling protocols to block or
>     fastpath a connection within the tunnel rather applying that to
>     the whole tunnel.
> 
> Please see the Release Notes and ChangeLog for more details.
> 
> Please submit bugs, questions, and feedback to bugs at ...10585...
> 
> Happy Snorting!
> The Snort Release Team
> 
> 
>
------------------------------------------------------------------------
------
> Keep yourself connected to Go Parallel:
> BUILD Helping you discover the best ways to construct your parallel
projects.
> http://goparallel.sourceforge.net
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest
Snort news!




More information about the Snort-users mailing list