Monday, November 30, 2015

Snort 2.9.8.0 has been released!

Please join us in welcoming Snort 2.9.8.0 to the family! The following are the release notes:

Snort 2.9.8.0
[*] New additions
* SMBv2/SMBv3 support for file inspection.

* Port override for metadata service in IPS rules.

* AppID Lua detector performance profiling.

* Perfmon dumps stats at fixed intervals from absolute time.

* New preprocessor alert (120:18) to detect SSH tunneling over HTTP.

* New config option |disable_replace| to disable replace rule option.

* New Stream configuration |log_asymmetric_traffic| to control logging to syslog.

* New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
* sfip_t refactored to use struct in6_addr for all IP addresses.

* Post-detection callback for preprocessors.

* AppID support for multiple server/client detectors evaluating on same flow.

* AppID API for DNS packets.

* Memory optimizations throughout.

* Support sending UDP active responses.

* Fix perfmon tracking of pruned packets.

* Stability improvements for AppID.

* Stability improvements for Stream6 preprocessor.

* Added improved support to block malware in FTP preprocessor.

* Added support to differentiate between active and passive FTP connections.

* Improvements done in Stream6 preprocessor to avoid having duplicate packets
in the DAQ retry queue.

* Resolved an issue where reputation config incorrectly displayed 'blacklist' in
priority field even though 'whitelist' option was configured.

* Added support for multiple expected sessions created per packet.

* Active response now supports MPLS.


As always, Snort can be downloaded from the Snort Downloads page on Snort.org! Please provide your feedback via the Snort mailing lists!

We'd like to thank the following Snort Community members for their submissions to Snort which have been released in Snort 2.9.8.0:

Mike Cox
Gabriel Corre
Alexander Bubnov