Friday, May 18, 2012
Snort 2.9.2.3 Install Guide for Debian 6.0.5 posted!
Thanks to Jason Weir, I just posted his Snort 2.9.2.3 Install Guide for Debian 6.0.5.
You may find his updated guide at http://www.snort.org/docs. We'd like to thank Jason Weir and the rest of the Snort community for their constant support, guides, bug reports, false positive reports, and participation in the mailing lists.
You all are fantastic!
Thanks Jason!
Snort 2.9.3 Beta Now Available
Snort 2.9.3 Beta is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Development Release section.
2.9.0 RC & later packages are signed with a new PGP key (that is signed with the previous key).
Snort 2.9.3 introduces the following new capabilities:
[*] New additions
* Updates to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.
* Dynamic output plugin architecture to provide an API with which developers can write their own output mechanisms to log alert and packet data from Snort. As a result, some output plugins have been removed, to be maintained by their respective authors.
* Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. See README.dcerpc2 and the Snort manual for details.
* Updates to reputation preprocessor for handling of whitelist and trustlists and zone information. See README.reputation and the Snort manual for details.
* Updates to the packet decoders to support pflog v4.
[*] Improvements
* Update to return error messages through the control socket.
* Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.
* Improvements in HTTP Inspect for better performance with gzip decompression. Also improvements for handling simple responses, encoded query strings, transfer encoding and chunk encoding processing.
* Fix logging of multiple unified2 alerts with reassembled packets.
* Compiler warning cleanup across multiple platforms.
* Added 116:458 and 116:459 to cover fragmentation issues.
Please see the Release Notes and ChangeLog for more details.
Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.
Thursday, May 17, 2012
VRT Rule Update for 05/17/2012
Join us as we welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 25 new rules and made modifications to 814 additional rules.
In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, botnet-cnc, dos, exploit, file-identify, file-office, file-pdf, indicator-compromise, phishing-spam, server-mail, smtp, specific-threats, web-activex and web-misc rule sets to provide coverage for emerging threats from these technologies.
To subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!
Tuesday, May 15, 2012
Snort 2.9.2.3 has been released!
Snort 2.9.2.3 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Release section.
2.9.0 RC & later packages are signed with a new PGP key (that is signed with the previous key).
Snort 2.9.2.3 includes changes for the following:
* Update to GTP preprocessor to better handle GTPv1 data.
* Update to DNP3 preprocessor to add stricter checking on packets before processing by dnp3. Improved checking on reassembly buffer.
* Update to PCRE rule option processing to prevent issues seen with libpcre-8.30 and certain rules.
* Update to dcerpc2 to not abort reassembly if target-based protocol is undefined.
Please submit bugs, questions, and feedback to bugs@snort.org.
Friday, May 11, 2012
VRT: PHP-CGI vulnerability - exploits in the wild and Snort coverage
Just wanted to point our Snort.org blog subscribers to this article by Alex Kirk over on our VRT Blog. This article deals with the PHP-CGI vulnerability and which Snort rules you need to enable in order to protect your network from it.
Take a look!
Thursday, May 10, 2012
VRT Rule Update for 05/10/2012
Join us as we welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 819 new rules and made modifications to 554 additional rules.
There were no changes made to the snort.conf in this release.
In VRT's rule release:
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the backdoor, blacklist, botnet-cnc, dos, file-office, file-other, indicator-compromise, misc and specific-threats rule sets to provide coverage for emerging threats from these technologies.
To subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US a year for personal users. Be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the latest emerging threats!
2012 Snort Scholarship is now open!
Annually, Sourcefire provides a Snort Scholarship to two individuals selected at random (by drawing) in the amount of $5000 US for higher education purposes. The winners also receive a 10,000 credit to use toward any training courses or certification exam in the Sourcefire Security Education Program.
To be eligible, you must meet the legal criteria found here on our website and sign up for the scholarship here. Following that, on or about May 31, 2012, two winners will be selected.
For further information, please see the links above, also found linked here.