Thursday, March 26, 2015

Snort++ Update

Just pushed build 143 to github (snortadmin/snort3):

  • added ssh inspector
  • apply service from hosts when inspector already bound to flow
  • ensure direction and service are applied to packet regardless of flow state
  • enable active for react / reject only if used in configuration
  • fixed use of bound ip and tcp policy if not set in hosts
  • eliminate dedicated nhttp chunk buffer
  • minor nhttp cleanup in StreamSplitter