snort-sigs November 2010 archive

Re: [Snort-sigs] [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available

From: Miso Patel <miso.patel_at_nospam>
Date: Wed Nov 03 2010 - 13:39:28 GMT
To: L0rd Ch0de1m0rt <l0rdch0de1m0rt@gmail.com>

This is concerning to me and not something I expect from an enterprise
product. I think I've mentioned this before but Windows XP is still
supported after more than 10 years.

So as soon as a new "three digit" release comes out, the old stuff is not
supported? What about all the snorts in embedded devices (over 100 from
what I read)? What about bugs? For example, 2.9.0 comes out and according
to this thread, there are bugs with HTTP inspect and stream reassembly. But
people are forced to upgrade since 2.8.x is no longer supported. But then
they upgrade to a buggy version that can be bypassed and it seems like
catch-22.

Now I am curious, what is the support model for Suricata? I know ET Pro
supports rules back to 2.4 but does OISF/Suricata adopt the same stance as
Sourcefire here?

Miso Patel, CISO

On Wed, Nov 3, 2010 at 8:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt@gmail.com> wrote:

> I guess I'm confused here ... I thought "support" for Snort was
> current version and current version minus 1. What you say says
> "support" is current version and current version minus zero. When did
> this happen?
>
> -L0rd C.
>
> On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges
> <steve.sturges@sourcefire.com> wrote:
> > There was an issue in that HTTP inspect wasn't correctly handling
> > raw vs. stream reassembled packets when looking at HTTP response
> > data. This fix is included in 2901 -- refer to ChangeLog (changes
> > to hi_client.c/hi_server.c).
> >
> > As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
> > is no longer supported. When there is a new "3 digit" release no
> > further patches are made to the previous version of Snort.
> >
> > On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:
> >> Hello. Does this release fix the issue where the HTTP pre-processor
> >> wasn't properly examining reassembled data across fragmented packets?
> >> (I don't know the exact cause of the bug - maybe it was the other way
> >> around and Stream5 wasn't properly doing the reassembly.) It was
> >> announced that there would be a patch for that issue, just want to see
> >> if this is it. If so, when can we expect the 2.8.6.1 patch to be
> >> released? 2.8.6.1 is still supported, right?
> >>
> >> Thanks!
> >>
> >> -L0rd C.
> >>
> >> On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <snortreleases@snort.org> wrote:
> >>> Snort 2.9.0.1 is now available on snort.org, at
> >>> http://www.snort.org/snort-downloads/.
> >>>
> >>> 2.9.0 RC & later packages are signed with a new PGP key
> >>> (that is signed with the previous key).
> >>>
> >>> Snort 2.9.0.1 addresses the following:
> >>>
> >>> * Fixed maximum flowbits configuration parsing to specify the number
> >>> of bits in accordance with the Snort manual, rather than number of
> >>> bytes. If you have 'config flowbits_size' in your snort.conf,
> >>> double check that it has the correct setting.
> >>>
> >>> * Fixed a packet size issue with the IPQ and NFQ DAQs.
> >>>
> >>> * Fixed issue with Stream5 overlap limit processing.
> >>>
> >>> * Updated the version of LibPCRE bundled with the Windows installer.
> >>> This update fixes a bug that caused some PCRE matches to fail
> >>> on Windows.
> >>>
> >>> Please see the Release Notes and ChangeLog for more details.
> >>>
> >>> Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.
> >>>
> >>> Happy Snorting!
> >>> The Snort Release Team

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
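
The 2.9.0.1 release note quoted above asks operators to double-check `config flowbits_size` now that the value is read as bits rather than bytes. The following is an added example, not part of the original thread and not Snort's own code: it counts the distinct flowbit names an enabled rule set uses and compares that with the configured size under both readings. It assumes each distinct name consumes one bit; the sample config, rules and SIDs are constructed.

```python
import re

# Constructed sample inputs (not taken from the thread or any real rule set).
SAMPLE_CONF = """\
# snort.conf excerpt (constructed)
config flowbits_size: 4
"""
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"a"; flowbits:set,http.get; flowbits:noalert; sid:1000001;)
alert tcp any 80 -> any any (msg:"b"; flowbits:isset,http.get; flowbits:set,http.resp; sid:1000002;)
alert tcp any any -> any 21 (msg:"c"; flowbits:set,ftp.user; sid:1000003;)
alert tcp any any -> any 21 (msg:"d"; flowbits:isset,ftp.user; flowbits:set,ftp.pass; sid:1000004;)
alert tcp any any -> any 25 (msg:"e"; flowbits:toggle,smtp.seen; sid:1000005;)
# alert tcp any any -> any 25 (msg:"off"; flowbits:set,disabled.bit; sid:1000006;)
"""

CONF_RE = re.compile(r"^\s*config\s+flowbits_size\s*:\s*(\d+)", re.M)
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([^;]+);")
# Operations that carry a flowbit name; noalert and reset do not.
NAMED_OPS = {"set", "unset", "toggle", "isset", "isnotset"}

def configured_size(conf_text):
    """Return the configured flowbits_size, or None if the line is absent."""
    m = CONF_RE.search(conf_text)
    return int(m.group(1)) if m else None

def distinct_flowbits(rules_text):
    """Collect distinct flowbit names from enabled (uncommented) rules."""
    names = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # disabled rule or comment
        for opt in FLOWBITS_RE.findall(line):
            parts = [p.strip() for p in opt.split(",")]
            if parts[0] in NAMED_OPS and len(parts) > 1:
                # Split on & and | in case several names share one option.
                names.update(n for n in re.split(r"[&|]", parts[1]) if n)
    return names

def check(conf_text, rules_text):
    """Compare flowbits in use with the setting read as bits and as bytes."""
    size = configured_size(conf_text)
    used = len(distinct_flowbits(rules_text))
    return {
        "configured": size,
        "used": used,
        "fits_as_bits": size is None or used <= size,       # 2.9.0.1 reading
        "fits_as_bytes": size is None or used <= size * 8,  # 2.9.0 reading
    }

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_RULES))
```

A result where `fits_as_bytes` is true but `fits_as_bits` is false marks a setting that was large enough under 2.9.0 and is too small once the value is read as bits.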