Monday, August 17, 2015

Snort 2.9.8 Beta has been released!

Join us as we welcome the newest Snort beta, 2.9.8!  Check out the following release notes:

Snort 2.9.8 Beta

[*] New additions

  • AppID is no longer experimental.
  • SMBv2/SMBv3 support for file inspection. 
  • Port override for metadata service in IPS rules.
  • AppID Lua detector performance profiling.
  • Perfmon dumps stats at fixed intervals from absolute time.
  • New preprocessor alert (18:120) to detect SSH tunneling over HTTP.
  • New config option |disable_replace| to disable replace rule option.
  • New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
  • New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements

  • sfip_t refactored to use struct in6_addr for all ip addresses.
  • Post-detection callback for preprocessors.
  • AppID support for multiple server/client detectors evaluating on the same flow.
  • AppID API for DNS packets.
  • Memory optimizations throughout.
  • Support sending UDP active responses.
  • Fix perfmon tracking of pruned packets.
  • Improved support for expected sessions.

You can download Snort 2.9.8 beta from the Snort.org Downloads page under "Development Releases".

Feedback on Snort 2.9.8.0 Beta can be provided on the Snort-Devel mailing list!

Thank you for supporting Snort.