Re: [Emerging-Sigs] [Snort-devel] Snort 2.9.0.1 Now Available

[Matthew Jonkman <jonkman () emergingthreatspro com>]

On Nov 3, 2010, at 9:39 AM, Miso Patel wrote:

> This is concerning to me and not something I expect from an enterprise product.  I think I've mentioned this before 
> but Windows XP is still supported after more than 10 years.
>
> So as soon as a new "three digit" release comes out, the old stuff is not supported?  What about all the snorts in 
> embedded devices (over 100 from what I read)?  What about bugs?  For example, 2.9.0 comes out and according to this 
> thread, there are bug with HTTP inspect and stream reassembly.  But people are forced to upgrade since 2.8.x is no 
> longer supported.  But then they upgrade to a buggy version that can be bypassed and it seems like catch-22.
>
> Now I am curious, what is the support model for Suricata?  I know ET Pro supports rules back to 2.4 but does 
> OISF/Suricata adopt the same stance as Sourcefire here?

I feel your pain, that's one reason we exist. We will continue to support all the way back to 2.4 as long as it is used 
by customers. We have several that are using our rules for embedded devices that have no capability or benefit from 
upgrading. 

Same with suricata. We'll support old versions back as long as they're in use. 

If we hit the 10 year mark on 2.4 then we can take a second look, or stop adding new rules. But we'll not discontinue 
distributing what exists for certain. 

Matt


> Miso Patel, CISO
>
> On Wed, Nov 3, 2010 at 8:25 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com> wrote:
> I guess I'm confused here ... I thought "support" for Snort was
> current version and current version minus 1.  What you say says
> "support" is current version and current version minus zero.  When did
> this happen?
>
> -L0rd C.
>
> On Tue, Nov 2, 2010 at 5:34 PM, Steven Sturges
> <steve.sturges () sourcefire com> wrote:
> > There was an issue in that HTTP inspect wasn't correctly handling
> > raw vs. stream reassembled packets when looking at HTTP response
> > data.  This fix is included in 2901 -- refer to ChangeLog (changes
> > to hi_client.c/hi_server.c).
> >
> > As to the support of 2.8.6, with the release of 2.9.0, 2.8.6.x
> > is no longer supported.  When there is a new "3 digit" release no
> > further patches are made to the previous version of Snort.
> >
> > On 11/1/2010 1:05 PM, L0rd Ch0de1m0rt wrote:
> > > Hello. Does this release fix the issue where the HTTP pre-processor
> > > wasn't properly examining reassembled data across fragmented packets?
> > > (I don't know the exact cause of the bug - maybe it was the other way
> > > around and Stream5 wasn't properly doing the reassebly.)  It was
> > > announced that there would be a patch for that issue, just want to see
> > > if this is it.  If so, when can we expect the 2.8.6.1 patch be
> > > released?  2.8.6.1 is still supported, right?
> > >
> > > Thanks!
> > >
> > > -L0rd C.
> > >
> > > On Mon, Nov 1, 2010 at 11:45 AM, Snort Releases <snortreleases () snort org> wrote:
> > > > Snort 2.9.0.1 is now available on snort.org, at
> > > > http://www.snort.org/snort-downloads/.
> > > >
> > > > 2.9.0 RC & later packages are signed with a new PGP key
> > > > (that is signed with the previous key).
> > > >
> > > > Snort 2.9.0.1 addresses the following:
> > > >
> > > >  * Fixed maximum flowbits configuration parsing to specify the number
> > > >    of bits in accordance with the Snort manual, rather than number of
> > > >    bytes.  If you have 'config flowbits_size' in your snort.conf,
> > > >    double check that it has the correct setting.
> > > >
> > > >  * Fixed a packet size issue with the IPQ and NFQ DAQs.
> > > >
> > > >  * Fixed issue with Stream5 overlap limit processing.
> > > >
> > > >  * Updated the version of LibPCRE bundled with the Windows installer.
> > > >    This update fixes a bug that caused some PCRE matches to fail
> > > >    on Windows.
> > > >
> > > > Please see the Release Notes and ChangeLog for more details.
> > > >
> > > > Please submit bugs, questions, and feedback to snort-beta () sourcefire com.
> > > >
> > > > Happy Snorting!
> > > > The Snort Release Team
> > > >
> > > >
> > > > ------------------------------------------------------------------------------
> > > > Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> > > > Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> > > > $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> > > > Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> > > > http://p.sf.net/sfu/nokia-dev2dev
> > > > _______________________________________________
> > > > Snort-devel mailing list
> > > > Snort-devel () lists sourceforge net
> > > > https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
>
> ------------------------------------------------------------------------------
> Achieve Improved Network Security with IP and DNS Reputation.
> Defend against bad network traffic, including botnets, malware, 
> phishing sites, and compromised hosts - saving your company time, 
> money, and embarrassment.   Learn More! 
> http://p.sf.net/sfu/hpdev2dev-nov_______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



------------------------------------------------------------------------------
Achieve Improved Network Security with IP and DNS Reputation.
Defend against bad network traffic, including botnets, malware, 
phishing sites, and compromised hosts - saving your company time, 
money, and embarrassment.   Learn More! 
http://p.sf.net/sfu/hpdev2dev-nov

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs