Snort mailing list archives

Re: Snort 2.9.8 Now Available

From: Rafael Leiva-Ochoa <spawn () rloteck net>
Date: Tue, 1 Dec 2015 13:17:53 -0800

Works fine for me too when upgrading from 2.9.7.x

On Tuesday, December 1, 2015, Rafael Paris <raparis () gmail com> wrote:

Good afternoon everyone.

I have upgraded to snort 2.9.8.0 on 2 sensors with 2.9.7.6 signatures with
no problems. They usually works fine.

Cheers,

Rafael Paris

2015-11-30 21:06 GMT-04:30 Dr. Stephen Gantz <
stephen.gantz () faculty umuc edu
<javascript:_e(%7B%7D,'cvml','stephen.gantz () faculty umuc edu');>>:

Any issue with running 2.9.7.6 rules with this release pending a 2.9.8
ruleset?



Dr. Stephen D. Gantz
CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO
Professor of Information Assurance
The Graduate School
University of Maryland University College
stephen.gantz () faculty umuc edu
<javascript:_e(%7B%7D,'cvml','stephen.gantz () faculty umuc edu');>
-------- Original message --------
From: Snort Releases <snortreleases () snort org
<javascript:_e(%7B%7D,'cvml','snortreleases () snort org');>>
Date: 11/30/2015 2:30 PM (GMT-05:00)
To: snort-devel () lists sourceforge net
<javascript:_e(%7B%7D,'cvml','snort-devel () lists sourceforge net');>,
snort-users () lists sourceforge net
<javascript:_e(%7B%7D,'cvml','snort-users () lists sourceforge net');>
Subject: [Snort-users] Snort 2.9.8 Now Available

Snort 2.9.8 is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.

2015-11-17 - Snort 2.9.8.0
[*] New additions
 *  SMBv2/SMBv3 support for file inspection.

 *  Port override for metadata service in IPS rules.

 *  AppID Lua detector performance profiling.

 *  Perfmon dumps stats at fixed intervals from absolute time.

 *  New preprocessor alert (120:18) to detect SSH tunneling over HTTP

 *  New config option |disable_replace| to disable replace rule option.

 *  New Stream configuration |log_asymmetric_traffic| to control logging to syslog.

 *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
 *  sfip_t refactored to use struct in6_addr for all ip addresses.

 *  Post-detection callback for preprocessors.

 *  AppID support for multiple server/client detectors evaluating on same flow.

 *  AppID API for DNS packets.

 *  Memory optimizations throughout.

 *  Support sending UDP active responses.

 *  Fix perfmon tracking of pruned packets.

 *  Stability improvements for AppID.

 *  Stability improvements for Stream6 preprocessor.

 *  Added improved support to block malware in FTP preprocessor.

 *  Added support to differentiate between active and passive FTP connections.

 *  Improvements done in Stream6 preprocessor to avoid having duplicate packets
    in the DAQ retry queue.

 *  Resolved an issue where reputation config incorrectly displayed 'blacklist' in
    priority field even though 'whitelist' option was configured.

 *  Added support for multiple expected sessions created per packet

 *  Active response now supports MPLS



Please submit bugs, questions, and feedback to  bugs () snort org <javascript:_e(%7B%7D,'cvml','tobugs () snort 
org');>  or the

Snort-Users mailing list.



Happy Snorting!

The Snort Release Team




------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple
OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
<javascript:_e(%7B%7D,'cvml','Snort-users () lists sourceforge net');>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort 2.9.8 Now Available Snort Releases (Nov 30)
- <Possible follow-ups>
- Re: Snort 2.9.8 Now Available Dr. Stephen Gantz (Nov 30)
  - Re: [Snort-users] Snort 2.9.8 Now Available Y M (Dec 01)
    - Re: [Snort-users] Snort 2.9.8 Now Available Michael Steele (Dec 01)
    - Re: [Snort-users] Snort 2.9.8 Now Available Joel Esler (jesler) (Dec 01)
  - Re: Snort 2.9.8 Now Available Rafael Paris (Dec 01)
    - Re: Snort 2.9.8 Now Available Rafael Leiva-Ochoa (Dec 01)