Snort mailing list archives
Snort 2.3.0 RC1 available for download
From: Jeremy Hewlett <jh () sourcefire com>
Date: Thu, 18 Nov 2004 16:37:25 -0500
Greetings All! Snort 2.3.0RC1 has officially been released, hooray! A big thanks to everyone in the Snort community for your ideas and testing. Please check it out and give us some feedback. The following are the release notes for 2.3.0 RC1: * Added IPS functionality from Snort-Inline. A big thanks to the Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor Julien). Also, Thanks Dan Roelker for doing the integrating of Snort-Inline into the official Snort project. * Added new portscan detector. The design and implementation was headed up by Dan Roelker, and included Marc Norton and Jeremy Hewlett. * Numerous changes for better 64bit Snort support from Jeremy Hewlett and Marc Norton. Additionally, an --enable-64bit-gcc option was added to configure. However, there are still some memory alignment issues to work out before 64bit mode is fully functional, patches are welcomed. Thanks Chris Baker for doing 64bit testing. * Added not_established keyword to the flow detection option. This allows snort to do dynamic firewall rulesets. Experimental for now. * Added an enforce_state keyword to stream4 so we won't pick up midstream sessions. This works well for asynchronous links and also for just monitoring legitimate traffic. * Relocated ./contrib files to http://www.snort.org/dl/contrib as many are not maintained by Sourcefire and are out of date. The rpm and schema files have been relocated in their respective 'rpm' and 'schemas' directories under the snort parent directory. * perfmonitor config line can now be configured with "accumulate" or "reset." Thanks Marc Norton for the feature, and Barry Basselgia for pointing out the issue. Thanks Scott Dexter and Andreas Ostling for doing some initial testing. * Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson and Clay McClure. Thanks guys. * Fixed reference times to match log time for first packet, for an event generated by a reassembled packet. Incremented event ID to give unique ID for each packet. Also made unified logging compatible with Windows. Thanks Andrew Mullican for the fix. * Fixed linux perfmonitoring stats for the 2.6 kernel. Thanks to everyone that reported this bug. Thanks Dan Roelker for the fix. * Get thresholding/suppression to work for alerts that do not contain an ip header (primarily decode alerts). Thanks Brian Caswell. * Fix conditions where snort would log double web alerts that contained only content options (no uricontents). Thanks to kawa for finding and reporting this bug. * Fix suppression/thresholding bug for non-rule alerts. Thanks to Alex Butcher for reporting it to us. * Many other bug fixes, please check the ChangeLog for details. The Snort manual and FAQ have not yet been updated for this release. However, the ./doc/* are up to date. RPMS and tarball are at the usual place, http://www.snort.org/dl. Win32 binary will be up shortly. Thanks again, and happy Snorting! Cheers, The Snort Team ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.3.0 RC1 available for download Jeremy Hewlett (Nov 18)