Wednesday, October 7, 2015

Snort Release Candidate has been released!

The Snort 2.9.8 Release Candidate has been posted for download! Please check out the release notes below:

2015-08-28 - Snort 2.9.8_rc
[*] New additions
  • Port override for metadata service in IPS rules.
  • SMBv2/SMBv3 support for file inspection.
  • AppID Lua detector performance profiling.
  • Perfmon dumps stats at fixed intervals from absolute time.
  • New preprocessor alert (18:120) to detect SSH tunneling over HTTP.
  • New config option |disable_replace| to disable replace rule option.
  • New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
  • New shell script in tools to create simple Lua detectors for AppID.
[*] Improvements
  • Added support to differentiate between active and passive FTP connections.
  • sfip_t refactored to use struct in6_addr for all ip addresses.
  • Post-detection callback for preprocessors.
  • AppID support for multiple server/client detectors evaluating on same flow.
  • AppID API for DNS packets.
  • Memory optimizations throughout.
  • Support sending UDP active responses.
  • Fix perfmon tracking of pruned packets.
  • Stability improvements for AppID.
  • Stability improvements for Stream6 preprocessor.
  • Added improved support to block malware in FTP preprocessor.
  • Improvements done in Stream6 preprocessor to avoid having duplicate packets in the DAQ retry queue.
  • Resolved an issue where reputation config incorrectly displayed 'blacklist' in priority field even though 'whitelist' option was configured.

As always, please download, check it out, and provide feedback to the community and developers on the Snort-Users or Snort-Devel lists.