Snort 2.9.3 RC Released - Hacking Tools Download at 'Tools Yard'

Snort 2.9.3 RC is now available on Snort.org. Packages from 2.9.0 RC onward are signed with a new PGP key.

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS), created by Martin Roesch in 1998. It performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, along with protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.

Snort 2.9.3 introduces the following new capabilities:

New additions
  • Updates to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.
  • Dynamic output plugin architecture that provides an API with which developers can write their own output mechanisms to log alert and packet data from Snort. As a result, some output plugins have been removed and will be maintained by their respective authors.
  • Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. See README.dcerpc2 and the Snort manual for details.
  • Updates to reputation preprocessor for handling of whitelists and trustlists and zone information. See README.reputation and the Snort manual for details.
  • Updates to the packet decoders to support pflog v4.
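
The flowbit OR and AND operators listed above, shown in a small rule set. This is an added example, not taken from the release notes or the Snort project; it follows the `|` / `&` syntax documented in README.flowbits, and the sids, messages, bit names and group name are constructed.

```snort
# Constructed local rules (sids, messages, bit and group names are made up).
# $EXTERNAL_NET, $HTTP_SERVERS and $HTTP_PORTS are assumed to be defined in snort.conf.

# Stage 1: tag the flow without alerting. Both method bits join the group "upload".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP POST seen"; flow:to_server,established; content:"POST"; http_method; flowbits:set,up.post,upload; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL HTTP PUT seen"; flow:to_server,established; content:"PUT"; http_method; flowbits:set,up.put,upload; flowbits:noalert; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"LOCAL request for .php resource seen"; flow:to_server,established; content:".php"; nocase; http_uri; flowbits:set,up.script; flowbits:noalert; sid:1000003; rev:1;)

# Stage 2 (OR): one rule fires if either method bit is set on this flow.
# Before this release, this needed one rule per bit.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"LOCAL upload request answered with 201 Created"; flow:to_client,established; flowbits:isset,up.post|up.put; content:"201"; http_stat_code; sid:1000004; rev:1;)

# Stage 2 (AND): fires only when both bits are set on this flow.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> $EXTERNAL_NET any (msg:"LOCAL PUT of .php resource answered with 201 Created"; flow:to_client,established; flowbits:isset,up.put&up.script; content:"201"; http_stat_code; sid:1000005; rev:1;)
```
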
Improvements
  • Update to return error messages through the control socket.
  • Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.
  • Improvements in HTTP Inspect for better performance with gzip decompression, plus improved handling of simple responses, encoded query strings, transfer encoding and chunk encoding processing.
  • Fix logging of multiple unified2 alerts with reassembled packets.
  • Compiler warning cleanup across multiple platforms.
  • Added 116:458 and 116:459 to cover fragmentation issues.
  • Added detailed documentation of unified2 logging configuration and logging.
  • Removed --enable-decoder-preprocessor-rules configure option and hardened preprocessor and decoder rule event code. To enable the old behavior, in which specific preprocessor and decoder rules don't have to be explicitly added to snort.conf, add "config autogenerate_preprocessor_decoder_rules" to your snort.conf.
  • Fixed SMTP mempool allocation for significant memory savings. Also tweaked memory required per stream5 session tracker.
  • Force exact versioning match of running dynamic engine and dynamic engine used to build SO rules. This will cause Snort to generate an error and exit if .so rules are used from an older version.
  • Users can now query the reputation preprocessor for routing table and management information.