[Snort-users] Snort 2.9.6 Beta Now Available

Snort Releases snortreleases at ...950...
Mon Nov 18 16:44:38 EST 2013

Snort 2.9.6 Beta is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Development section.

Snort 2.9.6 includes changes for the following:

[*] New additions
  * Add support to do file specific processing within DCERPC
    preprocessor for files being transferred over SMB.

  * File capture and storage -- saves files as they traverse the
    network via a new preprocessor that ties in support within
    HTTP, FTP, SMTP, POP, IMAP, and SMB.  See README.file and
    README.file_server (under tools/file_server) for details.

  * Add <= and >= operators to byte_test rule option.

  * Update SMTP to detect Cyrus SASL authentication attack.

  * Add capability to capture a single session from start to end.

  * EXPERIMENTAL: Add support to leverage file type identification in
    snort rules.  See README.file_ips for details.

[*] Improvements
  * Only inject active responses when a TCP session is established.

  * Update the POP and IMAP protocols to support simple PAF for improved
    identification and capture of files.

  * Update SMTP, POP, IMAP to improve inspection when mime boundaries are
    split across packets.

  * Address issue to address end of line incorrectly for Quoted Printable
    email attachments.

  * Handle out of order SSL handshake in SMTP when STARTTLS is used and
    fix checks for SSL type only within the SSL hand shake.

  * Update sensitive data preprocessor to handle a stateful search of
    patterns across multiple packets.

  * Address a few issues in the Snort manual and other READMEs for
    flowbits and tunneling.

  * Save off packet data for quicker debugging in case of a SIGABRT or

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs at ...10585...

Happy Snorting!
The Snort Release Team

More information about the Snort-users mailing list