Thursday, January 19, 2012

Snort 2.9.2.1 is now available!

Snort 2.9.2.1 includes the following updates and improvements:
* Added new alerts for HTTP (undefined methods & HTTP 0.9 simple requests).

* Updates to the Stream preprocessor in TCP session tracking to avoid re-queuing retransmitted data that was already flushed. Also various tweaks for PAF flushing.

* Updates to the reputation preprocessor to handle shared memory switching.

* Updates to the SCADA preprocessors in their handling of PAF flushing and Modbus request/response length checking. Also tweaks in alerts for reserved DNP3 functions.

* Updates to flowbit groups to always use the group when some rules refer to a flow group while others do not refer to a group for the same flowbit.

* Updates to GTP preprocessor to check invalid extension header length for GTPv1.

* Updates to sfrt library, used in reputation preprocessor and target based configuration, when calculating memory allocated and support for IPv6.

It is now available at https://www.snort.org/downloads in the Latest Release section.