[Snort-users] Snort 2.9.6 RC Now Available
snortreleases at ...950...
Thu Dec 12 17:15:57 EST 2013
Snort 2.9.6 RC is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.
NOTE: There is an update to the DAQ library as well to address
a few items on different platforms.
Snort 2.9.6 includes changes for the following:
2013-12-10 - Snort 184.108.40.206 RC
[*] New additions
* Add support to do file specific processing within DCERPC preprocessor
for files being transferred over SMB.
* File capture and storage -- saves files as they traverse the network
via a new preprocessor that ties in support within HTTP, FTP, SMTP,
POP, IMAP, and SMB. See README.file and README.file_server (under
tools/file_server) for details.
* Add <= and >= operators to byte_test rule option.
* Update SMTP to detect Cyrus SASL authentication attack.
* Add capability to capture a single session from start to end.
* EXPERIMENTAL: Add support to leverage file type identification in
snort rules. See README.file_ips for details.
* Only inject active responses when a TCP session is established.
* Update the POP and IMAP protocols to support simple PAF for improved
identification and capture of files.
* Update SMTP, POP, IMAP to improve inspection when MIME boundaries are
split across packets.
* Address issue to address end of line incorrectly for Quoted Printable
* Handle out of order SSL handshake in SMTP when STARTTLS is used and
fix checks for SSL type only within the SSL handshake.
* Update sensitive data preprocessor to handle a stateful search of
patterns across multiple packets.
* Address a few issues in the Snort manual and other READMEs for
flowbits and tunneling.
* Save off packet data for quicker debugging in case of a SIGABRT or
See the Release Notes and ChangeLog for more details.
Please submit bugs, questions, and feedback to bugs at ...10585...
The Snort Release Team