mailing list archives
Snort 2.9.0 Now Available
From: Snort Releases <snortreleases () snort org>
Date: Mon, 04 Oct 2010 16:36:20 -0400
Snort 2.9.0 is now available on snort.org, at
2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).
Snort 2.9.0 introduces:
* Feature rich IPS mode including improvements to Stream for
inline deployments. Additionally a common active response API is
used for all packet responses, including those from Stream,
Respond, or React. A new response module, respond3, supports the
syntax of both resp & resp2, including strafing for passive
deployments. When Snort is deployed inline, a new preprocessor
has been added to handle packet normalization to allow Snort
to interpret a packet the same way as the receiving host.
* Use of a Data Acquisition API (DAQ) that supports many different
packet access methods including libpcap, netfilterq, IPFW, and
afpacket. For libpcap, version 1.0 or higher is now required.
The DAQ library can be updated independently from Snort and is
a separate module that Snort links. See README.daq for details
on using Snort and the new DAQ.
* Updates to HTTP Inspect to extract and log IP addresses from
X-Forward-For and True-Client-IP header fields when Snort generates
events on HTTP traffic.
* A new rule option 'byte_extract' that allows extracted values to
be used in subsequent rule options for isdataat, byte_test,
byte_jump, and content distance/within/depth/offset.
* Updates to SMTP preprocessor to support MIME attachment decoding
across multiple packets.
* Ability to "test" drop rules using Inline Test Mode. Snort will
indicate a packet would have been dropped in the unified2 or
console event log if policy mode was set to inline.
* Two new rule options to support base64 decoding of certain pieces
of data and inspection of the base64 data via subsequent rule
* Updates to the Snort packet decoders for IPv6 for improvements to
* Added a new pattern matcher that supports Intel's Quick Assist
Technology for improved performance on supported hardware
platforms. Visit http://www.intel.com to find out more about
Intel Quick Assist. The following document describes Snort's
integration with the Quick Assist Technology
* Reference applications for reading unified2 output that handle
all unified2 record formats used by Snort.
* Ability for rules to control TCP stream reassembly via a new
Please see the Release Notes and ChangeLog for more details.
Please submit bugs, questions, and feedback to snort-beta () sourcefire com
The Snort Release Team
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
Snort-devel mailing list
Snort-devel () lists sourceforge net
- Snort 2.9.0 Now Available Snort Releases (Oct 04)