Thursday, March 31, 2016

Snort Subscriber Rule Set Update for 03/31/2016

Just released:
Snort Subscriber Rule Set Update for 03/31/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 18 new rules and made modifications to 17 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
38378
38379
38380

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-ie, browser-other, exploit-kit, file-flash, indicator-obfuscation, malware-cnc, malware-other, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Wednesday, March 30, 2016

Snort 2.9.8.2 has been released!

Snort 2.9.8.2 is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.

2016-03-09 - Snort 2.9.8.2
[*] New additions
  *  Future-flow and DNS API exposed to lua detector.

  *  Double VLAN tagging support.

[*] Improvements
  *  Performance improvements to AppID.

  *  Stability improvements to file and ftp_telnet preprocessor.

  *  Fixed several issues with SDF and obfuscation.

  *  Resolved an issue of improper handling of malformed DNS hosts in AppID.

  *  HTTP PAF accepts all tokens between method and version strings in a request URI.

  *  Resolved snort build issue with "--disable-perfprofiling" configure option.

  *  Enhanced mime parsing by adding support for detecting files after unknown headers and no headers.

  *  Fixed an issue with gzip decompression when the server response specifies Content-Encoding as GZIP but no Content-Length field for HTTP version 1.0.

  *  End of Header (EOH) identification for HTTP response headers spanning multiple packets.

  *  Improved packet reassembly for HTTP.

  *  Fixed Flash LZMA decompression issue.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team


Tuesday, March 29, 2016

Snort Subscriber Rule Set Update for 03/29/2016

Just released:
Snort Subscriber Rule Set Update for 03/29/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 23 new rules and made modifications to 30 additional rules.

There were no changes made to the snort.conf in this release.


Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
38352
38353
38354
38355
38356
38357
38358
38359


Talos's rule release:
Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-other, exploit-kit, file-executable, file-image, file-java, indicator-obfuscation, malware-cnc, malware-other, os-linux, os-other, policy-other, protocol-dns, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Monday, March 28, 2016

2016 Snort Scholarship is now open!

Annually, Cisco provides a Snort Scholarship to two individuals selected at random (by drawing) in the amount of $5000 US for higher education purposes.

To be eligible, you must meet the legal criteria found here on our website (at the bottom) and sign up for the scholarship here; following that, on or about April 24, 2016, two winners will be selected.

Good Luck!

Snort++ Update

Pushed build 193 to github (snortadmin/snort3):

  • fix session parsing abort handling
  • fix shutdown memory leaks
  • fix building against LuaJIT using only pkg-config
  • fix FreeBSD build
  • perf_monitor config and format fixes
  • cmake - check all dependencies before fatal error
  • new_http_inspect unicode initialization bug fix
  • new_http_inspect %u encoding and utf 8 bare byte
  • continued tcp stream refactoring
  • legacy search engine cleanup
  • dcd2 port continued - add dce packet fragmentation
  • add configure --enable-address-sanitizer
  • add configure --enable-code-coverage
  • memory manager updates

Note: If you were using --with-luajit-include, you will need to make sure you specify the full path to the header files.

Friday, March 25, 2016

Snort Subscriber Rule Set Update for 03/24/2016

Just released:
Snort Subscriber Rule Set Update for 03/24/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 11 new rules and made modifications to 1 additional rule.

There were no changes made to the snort.conf in this release.


Talos's rule release:
Talos has added and modified multiple rules in the exploit-kit, file-flash, file-java, indicator-obfuscation and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Thursday, March 24, 2016

Snort Subscriber Rule Set Update for 03/23/2016

Just released:
Snort Subscriber Rule Set Update for 03/23/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 42 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-flash, file-identify, file-other, indicator-shellcode, malware-backdoor, malware-cnc, netbios, protocol-ftp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, March 22, 2016

Snort Subscriber Rule Set Update for 03/22/2016

Just released:
Snort Subscriber Rule Set Update for 03/22/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 17 new rules and made modifications to 190 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions; their rules are included in the Community Ruleset:

Yaser Mansour
38255
38256
38257
38258

Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-flash, file-image, file-java, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, protocol-dns, protocol-rpc and server-other rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Friday, March 18, 2016

Snort++ Update

Pushed build 192 to github (snortadmin/snort3):

  • use hwloc for CPU affinity
  • fix process stats output
  • add dce rule options iface, opnum, smb, stub_data, tcp
  • add dce option for byte_extract/jump/test
  • initial side channel and file connector for HA
  • continued memory manager implementation
  • add UTF-8 normalization for new_http_inspect
  • fix rule compilation for sticky buffers
  • host_cache and host_tracker config and stats updates
  • miscellaneous warning and lint cleanup
  • snort2Lua updates for preproc sensitive_data and sd_pattern option

Note that hwloc is a new dependency. For best results, download and install the 1.11.2 tarball from https://www.open-mpi.org/projects/hwloc/.

Thursday, March 17, 2016

Snort Subscriber Rule Set Update for 03/17/2016

Just released:
Snort Subscriber Rule Set Update for 03/17/2016

We welcome the introduction of the newest rule release from Talos. In this release we introduced 24 new rules and made modifications to 16 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release: 
Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-office, indicator-obfuscation, malware-cnc, os-windows, protocol-dns, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, March 15, 2016

Snort Subscriber Rule Set Update for 03/15/2016

Just released:
Snort Subscriber Rule Set Update for 03/15/2016

We welcome the introduction of the newest rule release from Talos. In this release we introduced 20 new rules and made modifications to 30 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
CVE 2016-1010: Adobe Flash Player suffers from programming errors that may lead to remote code execution. Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with GID 1, SIDs 38238 through 38241. 
Talos has also added and modified multiple rules in the blacklist, browser-plugins, exploit-kit, file-flash, file-office, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Friday, March 11, 2016

Snort Subscriber Rule Set Update for 03/11/2016

Just released:
Snort Subscriber Rule Set Update for 03/11/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 70 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:
Talos has added and modified multiple rules in the file-flash, file-multimedia, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Thursday, March 10, 2016

Snort Subscriber Rule Set Update for 03/10/2016

Just released:
Snort Subscriber Rule Set Update for 03/10/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 24 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-plugins, exploit-kit and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Wednesday, March 9, 2016

Snort Subscriber Rule Set Update for 03/09/2016

Just released:
Snort Subscriber Rule Set Update for 03/09/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 10 new rules and made modifications to 2 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-other, exploit-kit, malware-cnc, policy-other, protocol-dns, server-mail and server-webapp rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Community Snort Rule Monthly Detection Contest!

Here at Snort, we continue to welcome rule submissions to improve community detection. As a thanks to our community, we like to reward individuals with some cool “Snort swag” items such as our new “Snorty mug”, hoodies, Snort calendar, and other goodies for rule submissions accepted.

Tuesday, March 8, 2016

Snort OpenAppID Detectors have been updated!

An update has been released today for the Snort OpenAppID Detector content.

This release, build 264, includes:
  • A total of 2,813 detectors.
  • Additional detectors that came in from the open source community. For more details on which contributions were included, see the AUTHORS file in this package.

It is available now from our downloads page; we look forward to you downloading it, using the new features of the 2.9.7.0 and 2.9.8.0 OpenAppID preprocessor, and sharing your experiences with the community.


The OpenAppID community has a mailing list specifically dedicated to the exchange and discussion of detector content. Please visit the mailing lists page to sign up.

Snort++ Build 191 Available Now

Snort++ build 191 is now available on snort.org. This is the latest monthly update available for download. You can also get the latest updates from github (snortadmin/snort3), which is updated weekly.

Snort Subscriber Rule Set Update for 03/08/2016, MSTuesday

Just released:
Snort Subscriber Rule Set Update for 03/08/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 69 new rules and made modifications to 8 additional rules.

There were no changes made to the snort.conf in this release.

Monday, March 7, 2016

Snort 2.9.6.2 is EOL!

Just a notification to remind everyone that Snort 2.9.6.2 is now End of Life (EOL). In accordance with our EOL policy, and the reminders we've posted here on the blog, 2.9.6.2 met its EOL date today.

We released 2.9.6.2 in July of 2014, and I believe that sets the record for the longest supported version of Snort we've ever had with close to 200 rule releases for this version.

2.9.6.2 lived a good life, but now it's time to upgrade our engines. Snort 2.9.8.0 is the current version of Snort, and we should upgrade immediately.

Thanks for all of your support!

Friday, March 4, 2016

Snort++ Update

Pushed build 190 to github (snortadmin/snort3):
  • fixed console close and remote control disconnect issues
  • added per-thread memcap calculation
  • added statistics counters to host_tracker module
  • new_http_inspect basic URI normalization with configuration options
  • format string cleanup for parser logging
  • fixed conf reload by signal

Thursday, March 3, 2016

Snort Subscriber Rule Set Update for 03/03/2016, Update 2

Just released:
Snort Subscriber Rule Set Update for 03/03/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 0 new rules and made modifications to 5 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has modified multiple rules in the policy-other rule set to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Snort Subscriber Rule Set Update for 03/03/2016

Just released:
Snort Subscriber Rule Set Update for 03/03/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 186 new rules and made modifications to 821 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the blacklist, browser-ie, browser-other, browser-plugins, deleted, exploit-kit, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, netbios, os-windows, policy-other, protocol-pop, protocol-voip, pua-other, server-apache, server-mail, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.


To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!

Tuesday, March 1, 2016

Snort Subscriber Rule Set Update for 03/01/2016

Just released:
Snort Subscriber Rule Set Update for 03/01/2016


We welcome the introduction of the newest rule release from Talos. In this release we introduced 16 new rules and made modifications to 11 additional rules.

There were no changes made to the snort.conf in this release.



Talos's rule release:
Talos has added and modified multiple rules in the browser-ie, browser-plugins, exploit-kit, file-office, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

To subscribe to Talos's newest rule detection functionality, personal users can subscribe for as low as $29 US a year; be sure to see our business pricing as well at https://www.snort.org/products. Stay up to date to catch the most emerging threats!