Thursday, October 11, 2018

Snort 2.9.12.0 has been released

Please join us as we welcome SNORT® 2.9.12.0 to the family!

Some release notes on this latest version:

New Additions

  • Parsing HTTP CONNECT to extract the tunnel IP and port information.
  • Alerting and dechunking for chunked encoding in HTTP/1.0 requests and responses.
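
An added illustration of the HTTP/1.0 chunked-encoding item above (not Snort's code; the function names and the sample response are constructed for this example). `Transfer-Encoding: chunked` is defined by HTTP/1.1, so the code flags it in an HTTP/1.0 message and still dechunks the body so that content matching sees the reassembled payload.

```python
# Added illustration; not Snort source. All names here are hypothetical.
HEX = b"0123456789abcdefABCDEF"

def dechunk(body: bytes) -> bytes:
    """Decode a chunked body; raise ValueError on malformed framing."""
    out, pos = bytearray(), 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing chunk-size line")
        size_field = body[pos:eol].split(b";", 1)[0].strip()  # drop extensions
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError("invalid chunk size")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            return bytes(out)  # last chunk; trailers are ignored
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk")
        out += body[pos:pos + size]
        pos += size + 2

def inspect_http(raw: bytes):
    """Return (alerts, normalized_body) for one raw HTTP request or response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    # The version is the first token of a response, the last token of a request.
    tokens = lines[0].split()
    is_http10 = bool(tokens) and b"HTTP/1.0" in (tokens[0], tokens[-1])
    codings = [c.strip() for c in headers.get(b"transfer-encoding", b"").split(b",")]
    alerts = []
    if b"chunked" not in codings:
        return alerts, body
    if is_http10:
        alerts.append("chunked transfer-encoding in HTTP/1.0 message")
    try:
        body = dechunk(body)
    except ValueError as exc:
        alerts.append(f"malformed chunked body: {exc}")
    return alerts, body

# Constructed sample: "hello world" never appears contiguously in the raw bytes.
SAMPLE_RESPONSE = (b"HTTP/1.0 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
                   b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n")
```

A pattern match for `hello world` against the raw sample fails, while the same match against the body returned by `inspect_http(SAMPLE_RESPONSE)` succeeds.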

Improvements

  • Fixed an issue where a junk line before the HTTP response header caused the header to be parsed incorrectly.
  • Fixed GZIP evasions where an HTTP response with content-encoding:gzip contains a body that has a GZIP-related anomaly.
  • Fixed an issue in certain scenarios where a BitTorrent pattern is seen only on the third packet of the session, causing us to miss our client detection.
  • SMB improvements for file detection and processing.

We'd like to thank the following members of the Snort community for reporting issues and submitting code to the project:

  • Elof
  • Anuj Patel
  • Markus
  • David Binderman
  • Stephan Zeisbarg

As always, we welcome feedback and community participation in Snort on the snort-users mailing list.