[Snort-users] Snort 2.9.6 RC Now Available

Snort Releases snortreleases at ...950...
Thu Dec 12 17:15:57 EST 2013


Snort 2.9.6 RC is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.

NOTE: There is an update to the DAQ library as well to address
a few items on different platforms.

Snort 2.9.6 includes changes for the following:

2013-12-10 - Snort 2.9.6.0 RC
[*] New additions
* Add support to do file specific processing within DCERPC preprocessor
    for files being transferred over SMB.

* File capture and storage -- saves files as they traverse the network
    via a new preprocessor that ties in support within HTTP, FTP, SMTP,
    POP, IMAP, and SMB.  See README.file and README.file_server (under
    tools/file_server) for details.

* Add <= and >= operators to byte_test rule option.

* Update SMTP to detect Cyrus SASL authentication attack.

* Add capability to capture a single session from start to end.

* EXPERIMENTAL: Add support to leverage file type identification in
    snort rules.  See README.file_ips for details.

[*] Improvements
* Only inject active responses when a TCP session is established.

* Update the POP and IMAP protocols to support simple PAF for improved
    identification and capture of files.

* Update SMTP, POP, IMAP to improve inspection when mime boundaries are
    split across packets.

* Address issue where end of line was handled incorrectly for Quoted
    Printable email attachments.

* Handle out of order SSL handshake in SMTP when STARTTLS is used and
    fix checks for SSL type only within the SSL handshake.

* Update sensitive data preprocessor to handle a stateful search of
    patterns across multiple packets.

* Address a few issues in the Snort manual and other READMEs for
    flowbits and tunneling.

* Save off packet data for quicker debugging in case of a SIGABRT or
    SIGBUS.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs at ...10585...

Happy Snorting!
The Snort Release Team

