The following changes were made to snort.conf in this release. We suggest you use the most current snort.conf from the VRT tarball to upgrade, or use the Snort.conf configuration page.
Added a variable for GTP_PORTS:
# List of GTP ports for GTP preprocessor
portvar GTP_PORTS [2123,2152,3386]
Changed the rule path for the IP reputation preprocessor; you should modify this for your environment:
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
Added a configuration line for the GTP preprocessor (v2.9.2.0), off by default:
# config enable_gtp
Added some new http_methods to the http inspect preprocessor (v2.9.2.0):
http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA }
Enabled JavaScript normalization by default in the http inspect preprocessor:
normalize_javascript
Added configurations for the modbus and dnp3 preprocessors:
# Modbus preprocessor. For more information see README.modbus
preprocessor modbus: ports { 502 }
# DNP3 preprocessor. For more information see README.dnp3
preprocessor dnp3: ports { 20000 } \
memcap 262144 \
check_crc
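
An added example, not part of the original post or the Snort distribution: a Python check that reads a snort.conf and reports which of the changes listed above are absent from the active (uncommented) configuration. The sample config, including its `http_inspect_server` line, is constructed for illustration, and `config enable_gtp` is not checked because it ships off by default.

```python
import re

# http_methods set exactly as listed in the release notes above.
EXPECTED_METHODS = set("""GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY
POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE
SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT
PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA""".split())
# Directives this release adds or enables; commented-out lines do not count.
REQUIRED = {"portvar GTP_PORTS": r"^portvar\s+GTP_PORTS\s",
            "var WHITE_LIST_PATH": r"^var\s+WHITE_LIST_PATH\s",
            "var BLACK_LIST_PATH": r"^var\s+BLACK_LIST_PATH\s",
            "normalize_javascript": r"\bnormalize_javascript\b",
            "preprocessor modbus": r"^preprocessor\s+modbus\b",
            "preprocessor dnp3": r"^preprocessor\s+dnp3\b"}

def logical_lines(text):
    """Drop comments and blank lines, then join backslash-continued lines."""
    out, buf = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            out.append(buf + line)
            buf = ""
    return out + ([buf.strip()] if buf else [])

def audit(text):
    """Return the release changes that are absent from the active config."""
    conf = "\n".join(logical_lines(text))
    missing = [name for name, pat in REQUIRED.items() if not re.search(pat, conf, re.M)]
    m = re.search(r"http_methods\s*\{([^}]*)\}", conf)
    absent = sorted(EXPECTED_METHODS - set(m.group(1).split() if m else []))
    return missing + (["http_methods: " + " ".join(absent)] if absent else [])

# Constructed sample: a pre-upgrade config lacking several of the changes.
SAMPLE = """\
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
preprocessor http_inspect_server: server default \\
    http_methods { GET POST PUT HEAD }
# preprocessor modbus: ports { 502 }
preprocessor dnp3: ports { 20000 } \\
    memcap 262144 \\
    check_crc
"""

if __name__ == "__main__":
    print("\n".join("missing: " + item for item in audit(SAMPLE)))
```

To check a deployed sensor, pass the file contents instead of the sample, for example `audit(open("/etc/snort/snort.conf").read())`; the path is an assumption and depends on your install.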
In VRT's rule release:
Synopsis: This release also provides coverage for a new FreeBSD telnetd overflow; this can be found in sids 20812 and 20813.
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the smtp,
specific-threats and web-client rule sets to provide coverage for
emerging threats from these technologies.
To subscribe now to the VRT's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the most emerging threats!