Friday, January 24, 2014

Snort 2.9.6.0 is now available!

Snort 2.9.6.0 is now available on Snort.org, at http://www.snort.org/snort-downloads in the Latest Release section.

[*] New additions
* Add support to do file specific processing within DCERPC preprocessor for
files being transferred over SMB. 
* File capture and storage -- saves files as they traverse the network via a
new preprocessor that ties in support within HTTP, FTP, SMTP, POP, IMAP,
and SMB. See README.file and README.file_server (under tools/file_server)
for details. 
* Add <= and >= operators to byte_test rule option. 
* Update SMTP to detect Cyrus SASL authentication attack. 
* Add capability to capture a single session from start to end. 
* EXPERIMENTAL: Add support to leverage file type identification in snort
rules. See README.file_ips for details. 
[*] Improvements 
* Only inject active responses when a TCP session is established. 
* Update the POP and IMAP protocols to support simple PAF for improved
identification and capture of files. 
* Update SMTP, POP, IMAP to improve inspection when mime boundaries are
split across packets. 
* Address issue to address end of line incorrectly for Quoted Printable
email attachments. 
* Handle out of order SSL handshake in SMTP when STARTTLS is used and
fix checks for SSL type only within the SSL hand shake. 
* Update sensitive data preprocessor to handle a stateful search of
patterns across multiple packets. 
* Address a few issues in the Snort manual and other READMEs for flowbits
and tunneling. 
* Save off packet data for quicker debugging in case of a SIGABRT or SIGBUS. 
* Fix alignment of sfxhash node for SPARC platforms.


See the Release Notes and ChangeLog for more details.

 Please submit bugs, questions, and feedback to bugs@snort.org.

 Happy Snorting! The Snort Release Team

No comments:

Post a Comment