Home page logo
/

snort logo Snort mailing list archives

Re: Snort 2.9.0 Now Available
From: Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>
Date: Mon, 11 Oct 2010 07:48:25 -0500

Le lundi 4 octobre 2010 15:36:36, Snort Releases a écrit :
Snort 2.9.0 is now available on snort.org, at
http://www.snort.org/snort-downloads/.

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

Snort 2.9.0 introduces:

   * Feature rich IPS mode including improvements to Stream for
     inline deployments.  Additionally a common active response API is
     used for all packet responses, including those from Stream,
     Respond, or React.  A new response module, respond3, supports the
     syntax of both resp & resp2, including strafing for passive
     deployments.  When Snort is deployed inline, a new preprocessor
     has been added to handle packet normalization to allow Snort
     to interpret a packet the same way as the receiving host.

   * Use of a Data Acquisition API (DAQ) that supports many different
     packet access methods including libpcap, netfilterq, IPFW, and
     afpacket.  For libpcap, version 1.0 or higher is now required.
     The DAQ library can be updated independently from Snort and is
     a separate module that Snort links.  See README.daq for details
     on using Snort and the new DAQ.

   * Updates to HTTP Inspect to extract and log IP addresses from
     X-Forward-For and True-Client-IP header fields when Snort generates
     events on HTTP traffic.

   * A new rule option 'byte_extract' that allows extracted values to
     be used in subsequent rule options for isdataat, byte_test,
     byte_jump, and content distance/within/depth/offset.

   * Updates to SMTP preprocessor to support MIME attachment decoding
     across multiple packets.

   * Ability to "test" drop rules using Inline Test Mode.  Snort will
     indicate a packet would have been dropped in the unified2 or
     console event log if policy mode was set to inline.

   * Two new rule options to support base64 decoding of certain pieces
     of data and inspection of the base64 data via subsequent rule
     options.

   * Updates to the Snort packet decoders for IPv6 for improvements to
     anomaly detection.

   * Added a new pattern matcher that supports Intel's Quick Assist
     Technology for improved performance on supported hardware
     platforms.  Visit http://www.intel.com to find out more about
     Intel Quick Assist.  The following document describes Snort's
     integration with the Quick Assist Technology
http://download.intel.com/embedded/applications/networksecurity/324029.pdf

   * Reference applications for reading unified2 output that handle
     all unified2 record formats used by Snort.

   * Ability for rules to control TCP stream reassembly via a new
     rule option.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to snort-beta () sourcefire com 

Happy Snorting!
The Snort Release Team


---------------------------------------------------------------------------
--- Virtualization is moving to the mainstream and overtaking
non-virtualized environment for deploying applications. Does it make
network security easier or more difficult to achieve? Read this whitepaper
to separate the two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


For all those Mandriva fans,

snort2.9 and daq0.2 is now available at Mandriva Cooker, specially thanx to 
Michael Altizer for his  support on porting daq.

Mandriva's port also is patched with snortsam support.

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]