[Snort-users] Snort 2.9.4 Now Available

Joel Esler jesler at ...1935...
Tue Dec 4 13:10:51 EST 2012


It should be there now.

On Dec 4, 2012, at 12:37 PM, "Weir, Jason" <jason.weir at ...14916...> wrote:

> Thanks Joel - maybe part of the pre-release procedures then  ;)
> 
> -J
> 
>> -----Original Message-----
>> From: Joel Esler [mailto:jesler at ...1935...]
>> Sent: Tuesday, December 04, 2012 12:29 PM
>> To: Weir, Jason
>> Cc: snort-team at ...1935...; snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Snort 2.9.4 Now Available
>> 
>> It is.  It's just number 12 or so on my list
>> 
>> 
>> On Dec 4, 2012, at 12:20 PM, "Weir, Jason" <jason.weir at ...14916...>
> wrote:
>> 
>>> Joel,
>>> 
>>> Any idea when http://labs.snort.org/snort/2940/ will exist and be
>>> populated?
>>> 
>>> Might want to make this part of your build or release procedures as
> this
>>> always seems to be an afterthought..
>>> 
>>> Thanks,
>>> Jason
>>> 
>>>> -----Original Message-----
>>>> From: Snort Releases [mailto:snortreleases at ...950...]
>>>> Sent: Monday, December 03, 2012 3:11 PM
>>>> To: snort-users at lists.sourceforge.net
>>>> Subject: [Snort-users] Snort 2.9.4 Now Available
>>>> 
>>>> Snort 2.9.4 is now available on snort.org, at
>>>> http://www.snort.org/snort-downloads/ in the Latest Release
> section.
>>>> 
>>>> ************
>>>> Please note:
>>>> 2.9.3.1 & later packages are signed with a new PGP key
>>>> (that key is signed with the previous key).
>>>> ************
>>>> 
>>>> Snort 2.9.4 includes changes for the following:
>>>> 
>>>> [*] New additions
>>>> 
>>>> * Consolidation of IPv6 -- now only a single build supports both
>>>>   IPv4 & IPv6, and removal of the IPv4 "only" code paths.
>>>> 
>>>> * File API and improvements to file processing for HTTP downloads
>>>>   and email attachments via SMTP, POP, and IMAP to facilitate
>>>>   broader file support
>>>> 
>>>> * Use of address space ID for tracking Frag & Stream connections
>>>>   when it is available with the DAQ
>>>> 
>>>> * Logging of packet data that triggers PPM for post-analysis via
>>>>   Snort event
>>>> 
>>>> * Decoding of IPv6 with PPPoE
>>>> 
>>>> * Added an API call to add a service to a host in the attribute
>>> table.
>>>>   Remove the unused live attribute update code.
>>>> 
>>>> [*] Improvements
>>>> 
>>>> * Update to Stream5 PAF for handling gaps in the sequence numbers
> of
>>>>   packets being reassembled.
>>>> 
>>>> * Selection of the Stream TCP policy based on the server rather
> than
>>>>   the destination of first packet seen by Snort
>>>> 
>>>> * Allow disabling of global thresholds via a count of -1
>>>> 
>>>> * Prevent blocking duplicate SYNs when using inline normalization
>>>> 
>>>> * Add SSLv3 backwards compatibility support for SSLv2 ClientHello
>>>>   messages
>>>> 
>>>> * Allow active responses to packets without data (eg, a TCP SYN)
>>>> 
>>>> * Changed logic of option evaluations for shared library rules
> that
>>>>   use a custom evaluation function to match that of the builtin
>>> logic
>>>>   when the NOT_FLAG is used.  The 'NOT' matching now happens
> within
>>>>   each of the individual rule option evaluation functions.
>>>> 
>>>> * Updated SMTP preprocessor to better handle commands that have
>>>>   corresponding data on a subsequent line to reduce false
> positives.
>>>>   3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.
>>>> 
>>>> * Improve support for encapsulated & tunneling protocols to block
> or
>>>>   fastpath a connection within the tunnel rather applying that to
>>>>   the whole tunnel.
>>>> 
>>>> Please see the Release Notes and ChangeLog for more details.
>>>> 
>>>> Please submit bugs, questions, and feedback to bugs at ...10585...
>>>> 
>>>> Happy Snorting!
>>>> The Snort Release Team





More information about the Snort-users mailing list