[Snort-users] Snort 2.9.8 Now Available

Rafael Paris raparis at ...11827...
Tue Dec 1 16:15:27 EST 2015


Good afternoon everyone.

I have upgraded to snort 2.9.8.0 on 2 sensors with 2.9.7.6 signatures with
no problems. They usually works fine.

Cheers,

Rafael Paris

2015-11-30 21:06 GMT-04:30 Dr. Stephen Gantz <stephen.gantz at ...16854...
>:

> Any issue with running 2.9.7.6 rules with this release pending a 2.9.8
> ruleset?
>
>
>
> Dr. Stephen D. Gantz
> CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
> Professor of Information Assurance
> The Graduate School
> University of Maryland University College
> stephen.gantz at ...16854...
> -------- Original message --------
> From: Snort Releases <snortreleases at ...950...>
> Date: 11/30/2015 2:30 PM (GMT-05:00)
> To: snort-devel at lists.sourceforge.net, snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 2.9.8 Now Available
>
> Snort 2.9.8 is now available on snort.org at
> http://www.snort.org/downloads in the Snort Stable Release section.
>
> 2015-11-17 - Snort 2.9.8.0
> [*] New additions
>  *  SMBv2/SMBv3 support for file inspection.
>
>  *  Port override for metadata service in IPS rules.
>
>  *  AppID Lua detector performance profiling.
>
>  *  Perfmon dumps stats at fixed intervals from absolute time.
>
>  *  New preprocessor alert (120:18) to detect SSH tunneling over HTTP
>
>  *  New config option |disable_replace| to disable replace rule option.
>
>  *  New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
>
>  *  New shell script in tools to create simple Lua detectors for AppID.
>
> [*] Improvements
>  *  sfip_t refactored to use struct in6_addr for all ip addresses.
>
>  *  Post-detection callback for preprocessors.
>
>  *  AppID support for multiple server/client detectors evaluating on same flow.
>
>  *  AppID API for DNS packets.
>
>  *  Memory optimizations throughout.
>
>  *  Support sending UDP active responses.
>
>  *  Fix perfmon tracking of pruned packets.
>
>  *  Stability improvements for AppID.
>
>  *  Stability improvements for Stream6 preprocessor.
>
>  *  Added improved support to block malware in FTP preprocessor.
>
>  *  Added support to differentiate between active and passive FTP connections.
>
>  *  Improvements done in Stream6 preprocessor to avoid having duplicate packets
>     in the DAQ retry queue.
>
>  *  Resolved an issue where reputation config incorrectly displayed 'blacklist' in
>     priority field even though 'whitelist' option was configured.
>
>  *  Added support for multiple expected sessions created per packet
>
>  *  Active response now supports MPLS
>
>
>
> Please submit bugs, questions, and feedback to  bugs at ...950... <tobugs at ...950...>  or the
>
> Snort-Users mailing list.
>
>
>
> Happy Snorting!
>
> The Snort Release Team
>
>
>
>
> ------------------------------------------------------------------------------
> Go from Idea to Many App Stores Faster with Intel(R) XDK
> Give your users amazing mobile app experiences with Intel(R) XDK.
> Use one codebase in this all-in-one HTML5 development environment.
> Design, debug & build mobile apps & 2D/3D high-impact games for multiple
> OSs.
> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20151201/33406108/attachment.html>


More information about the Snort-users mailing list