snort-devel July 2011 archive
Re: [Snort-devel] Snort 2.9.1 RC Now Available

From: rmkml <rmkml_at_nospam>
Date: Tue Jul 19 2011 - 20:39:46 GMT
To: snort-team@sourcefire.com

Congratulations Snort Team!
Two small typos in the ChangeLog, please:
  s/Permon/Perfmon/
  s/Perfomnitor/Perfmonitor/
Regards
Rmkml

On Tue, 19 Jul 2011, Snort Releases wrote:

> Snort 2.9.1 RC is now available on snort.org, at
> http://www.snort.org/snort-downloads/ in the Latest Development
> Release section.
>
> 2.9.0 RC & later packages are signed with a new PGP key
> (that is signed with the previous key).
>
> ****
> NOTE: Snort 2.9.1 requires pkg-config be installed for some
> of its autoconf processing. See details below.
> ****
>
> Snort 2.9.1 introduces the following new capabilities:
>
> * Protocol aware reassembly support for HTTP and DCE/RPC
> preprocessors. Updates to Stream5 allowing Snort to more
> intelligently inspect HTTP and DCE/RPC requests and responses.
> See README.stream5 subsection related to Protocol Aware Flushing
> (PAF).
>
> * SIP preprocessor to identify SIP call channels and provide
> rule access via new rule option keywords. Also includes new
> preprocessor rules for anomalies in the SIP communications.
> See the Snort Manual and README.sip for details.
>
> * POP3 & IMAP preprocessors to decode email attachments in
> Base64, Quoted Printable, and uuencode formats, and updates
> to SMTP preprocessor for decoding email attachments encoded
> as Quoted Printable and uuencode formats. See the Snort
> Manual, README.pop, README.imap, and README.SMTP for details.
>
> * Support for reading large pcap files.
>
> * Logging of HTTP URL (host and filename), SMTP attachment
> filenames and email recipients to unified2 when Snort generates
> events on related traffic.
>
> * IP Reputation preprocessor, allowing Snort to blacklist or
> whitelist packets based on their IP addresses. This preprocessor
> is still in an experimental state, so please report any issues
> to the Snort team. See README.reputation for more information.
>
> Additionally, the following updates and improvements have been made:
>
> * Updates to give shared library rules direct access to gzip
> decoding capabilities.
>
> * Rule Option Improvements:
>
> - Updates to content modifier http_cookie to not include
> the HTTP header names themselves in the buffer. This change
> may affect existing rules that leverage this keyword.
>
> - Updates to the file_data and base64_data rule option keywords
> and added a pkt_data rule option keyword that sets the buffer
> to be used for subsequent content/pcre/etc rule options.
>
> - Updates to the tcp flag rule option keyword to support 'C'
> and 'E' for CWR and ECN bits.
>
> - Updates to byte_extract rule option keyword to support
> the same string formats as with byte_test and byte_jump.
>
> * Updates to Snort's build infrastructure and autoconf script
> for portability and improved checks for library dependencies.
> To facilitate easier building of Snort on many of the different
> platforms supported, Snort now uses pkg-config to check for
> certain library locations. Obtain pkg-config from freedesktop.org.
>
> * Many updates and improvements to the Snort documentation. Special
> thanks to all of the contributors from the Snort community for
> working with us and making the documentation more accurate and
> usable.
>
> * Updates to the sensitive data preprocessor for handling HTTP
> traffic and reducing false positives.
>
> * Updates to Snort's config parsing to provide more meaningful
> error messages relating to snort.conf errors and configuration
> display at startup.
>
> * Updates to Snort's active response packets whether via response
> keyword or part of inline normalization.
>
> * Improvements to HTTP Inspect processing of chunked HTTP data.
> Additional HTTP Inspect alerts for evasion attempts such as small
> chunks and excessive whitespace in folded headers.
>
> * Updates to the statistics Snort prints to console or syslog
> at exit for different preprocessors.
>
> Please see the Release Notes and ChangeLog for more details.
>
> Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.
>
> Happy Snorting!
> The Snort Release Team

_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel
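
The announcement notes that http_cookie no longer includes the HTTP header names in its buffer and that existing rules may be affected. The following is an added example, not part of the original messages and not Snort project code: a small audit that flags rules whose http_cookie content still tries to match the header name. It assumes the relevant header names are Cookie and Set-Cookie; the function names and sample rules are constructed for illustration.

```python
import re

# Assumption: the header names that used to appear in the http_cookie buffer.
HEADER_NAME = re.compile(rb"(?:set-)?cookie\s*:", re.I)
# One rule option: name, optional ':argument', then ';'. Quoted strings may
# contain ';' and backslash-escaped characters.
OPTION = re.compile(r'\s*([A-Za-z_0-9.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|[^;"])*))?;')

def decode_content(arg):
    """Turn a quoted content argument ("abc|3a 20|def") into the bytes it matches."""
    text = arg.strip().lstrip("!").strip()[1:-1]   # drop negation and quotes
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        if i % 2:                                  # inside |..|: hex bytes
            out += bytes.fromhex(part)
        else:                                      # literal text, unescape \" \; \\
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)

def stale_cookie_contents(rule):
    """Return content patterns modified by http_cookie that contain a header name."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    hits, last = [], None
    for name, arg in OPTION.findall(body):
        if name == "content":
            last = decode_content(arg)             # modifiers apply to this content
        elif name == "http_cookie" and last is not None and HEADER_NAME.search(last):
            hits.append(last)
    return hits

def audit(rules):
    """Return the sids of rules that need review after the http_cookie change."""
    flagged = []
    for rule in rules:
        if stale_cookie_contents(rule):
            flagged.append(int(re.search(r"sid:\s*(\d+)", rule).group(1)))
    return flagged

SAMPLE_RULES = [  # constructed for this example
    'alert tcp any any -> any 80 (msg:"old style"; content:"Cookie|3a 20|sid="; nocase; http_cookie; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"value only"; content:"sid="; http_cookie; sid:1000002;)',
    'alert tcp any any -> any 80 (msg:"header buffer"; content:"Cookie|3a|"; http_header; sid:1000003;)',
]

if __name__ == "__main__":
    print("rules to review:", audit(SAMPLE_RULES))
```

A flagged rule keeps loading but its content can no longer match, so the fix is to drop the header name from the pattern or move that part of the match to http_header.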