Friday, January 24, 2014

Snort is now available!

Snort is now available on, at in the Latest Release section.

[*] New additions
* Add support to do file specific processing within DCERPC preprocessor for
files being transferred over SMB. 
* File capture and storage -- saves files as they traverse the network via a
new preprocessor that ties in support within HTTP, FTP, SMTP, POP, IMAP,
and SMB. See README.file and README.file_server (under tools/file_server)
for details. 
* Add <= and >= operators to byte_test rule option. 
* Update SMTP to detect Cyrus SASL authentication attack. 
* Add capability to capture a single session from start to end. 
* EXPERIMENTAL: Add support to leverage file type identification in snort
rules. See README.file_ips for details. 
[*] Improvements 
* Only inject active responses when a TCP session is established. 
* Update the POP and IMAP protocols to support simple PAF for improved
identification and capture of files. 
* Update SMTP, POP, IMAP to improve inspection when mime boundaries are
split across packets. 
* Address issue to address end of line incorrectly for Quoted Printable
email attachments. 
* Handle out of order SSL handshake in SMTP when STARTTLS is used and
fix checks for SSL type only within the SSL hand shake. 
* Update sensitive data preprocessor to handle a stateful search of
patterns across multiple packets. 
* Address a few issues in the Snort manual and other READMEs for flowbits
and tunneling. 
* Save off packet data for quicker debugging in case of a SIGABRT or SIGBUS. 
* Fix alignment of sfxhash node for SPARC platforms.

See the Release Notes and ChangeLog for more details.

 Please submit bugs, questions, and feedback to

 Happy Snorting! The Snort Release Team

No comments:

Post a Comment