Just posted to Snort.org, Snort 2.9.7.0 Alpha. We have some exciting things in store here that we've been looking forward to releasing. Please see the below notes for more details!
We also put out a couple of press releases this morning about OpenAppID. Take a look:
http://finance.yahoo.com/news/cisco-security-introduces-open-source-130000271.html
Our founder Marty also wrote a blog post over on the Cisco blog:
http://blogs.cisco.com/security/cisco-announces-openappid-the-next-open-source-game-changer-in-cybersecurity/
Follow the @Snort account on Twitter to stay current with our releases!
2014-02-25 - Snort 2.9.7.0 alpha
[*] New additions
* Application Identification Preprocessor, when used in conjunction with
open app ID detector content, that will identify application protocol,
client, server, and web applications and include the info in Snort alert
data. In addition, a new rule option keyword 'appid' that can be used
to constrain Snort rules based on one or more applications that are identified
for the connection. See README.appid for details. Please report issues
or ask questions via a new mailing list: snort-openappid@sourceforge.net.
* A new protected_content rule option that is used to match against a content
that is hashed. It can be used to obscure the full context of the rule from
the administrator.
* Protocol Aware Flushing (PAF) improvements for SMTP, POP, and IMAP to
more accurately process different portions of email messages and file
attachments.
[*] Improvements
* Update active response to allow for responses of 1500+ bytes that span
multiple TCP packets.
* Check limits of multiple configurations to not exceed a maximum ID of 4095.
* Updated the error output of byte_test, byte_jump, byte_extract to
including details on offending options for a given rule.
* Update build and install scripts to install preprocessor and engine libraries
into user specified libdir.
Get Snort 2.9.7.0 Alpha here! https://www.snort.org/downloads
