Monday, August 12, 2019

Snort Shared Object OSes to be removed

In order to deprecate older OS builds and enable builds for newer OSes, the time has come to purge old OSes from our Shared Object rule build system.

The following builds will be stopped on August 27th:

CentOS 5.4
Debian 7
FC 25
FC 26
FreeBSD 8.1
FreeBSD 9.0
FreeBSD 10.0
OpenBSD 5.2
OpenBSD 5.3
RHEL 5.5
Slackware 13.1

We are looking at a couple of new builds to start after this step. More information will be posted soon.

Friday, August 2, 2019

Snort 2.9.14.1 has been released!

Snort Community!

We know it's a Friday, so we don't expect everyone to run right out and update, but in trying to get everything done before Black Hat / DEF CON, we wanted to make sure that 2.9.14.1 was shipped before we all got on planes to head out to "Hacker Summer Camp".

We've just pushed 2.9.14.1 live on the website (snort.org/downloads). Please head on over and check it out at your earliest convenience.

Release notes are essentially the same as 2.9.14.0, with one minor fix, so I'll repost those:

[*] New Additions

 * Added support for wildcard port numbers in the host cache and for overwriting the port service AppId.

 * Added support for new STLS client patterns to help better detect POP3S over SSL.

 * Added support for detecting the Mac-based SMTP Microsoft Outlook client application.

 * Added a new preprocessor alert, 120:27, that fires if there is no proper end of header.

[*] Improvements / Fixes

 * Improved AppId detection for proxied traffic.

 * Fixed enabling flow profiling mode without restarting the Snort detection engine.

 * Fixed a packet drop scenario.
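To make the "no proper end of header" condition behind the new 120:27 alert concrete, here is an added illustration (not Snort's own code, and not how the HTTP inspector is implemented internally): an HTTP header block is only well formed once it is terminated by an empty line, i.e. a CRLF CRLF sequence, and a request start that never reaches that terminator is what this class of alert reports. The sample requests, the reason strings and the `GID`/`SID` constants' use as a label are constructed for the example; only the 120:27 number itself comes from the release notes.

```python
"""Illustration of the 'no proper end of header' condition (Snort alert 120:27).
Constructed example: not Snort code; the reason strings are assumptions."""
from typing import Dict, Optional

# gid 120 is the HTTP inspect preprocessor; sid 27 is the new alert from the release notes
GID, SID = 120, 27

HEADER_TERMINATOR = b"\r\n\r\n"  # the empty line that ends an HTTP header block


def find_header_end(raw: bytes) -> Optional[int]:
    """Return the offset just past the CRLF CRLF that terminates the header
    block, or None when the block is never properly terminated."""
    idx = raw.find(HEADER_TERMINATOR)
    return idx + len(HEADER_TERMINATOR) if idx != -1 else None


def check_request(raw: bytes) -> Dict[str, object]:
    """Classify the start of a captured request: either the header length, or
    the gid:sid label an inspector would raise plus a (constructed) reason."""
    end = find_header_end(raw)
    if end is not None:
        return {"alert": None, "reason": None, "header_len": end}
    if b"\n\n" in raw:
        # Bare LF line endings: many servers tolerate this, an inspector should not
        reason = "bare LF line endings instead of CRLF"
    elif raw.endswith(b"\r\n"):
        # Lines end correctly but the empty terminating line never arrives
        reason = "header block never terminated"
    else:
        reason = "truncated or non-HTTP data"
    return {"alert": f"{GID}:{SID}", "reason": reason, "header_len": None}


# Constructed sample request starts, labelled by what they exercise
SAMPLES = {
    "well_formed": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "bare_lf": b"GET / HTTP/1.1\nHost: example.test\n\n",
    "unterminated": b"GET / HTTP/1.1\r\nHost: example.test\r\n",
    "not_http": b"\x16\x03\x01\x00\x05",  # looks like a TLS record, not HTTP
}


def summarize(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, Optional[str]]:
    """Map each sample name to the alert label it would produce (None if clean)."""
    return {name: check_request(data)["alert"] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_request(data))
```

Only the first sample is clean; the other three all lack the CRLF CRLF terminator and would be reported under the same 120:27 label, which is why the alert is useful as a single signal for malformed or evasive header framing regardless of the specific cause.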


Thanks so much for bearing with us while we figured out the little bug with packet acquisition.

As always, feedback can be directed to the Snort-users list. Happy Snorting!

Thursday, August 1, 2019

Snort rule update for Aug. 1, 2019

Cisco Talos just released the latest SNORT® rule update for all users. Talos urges all users to implement these rules as soon as possible to keep their networks and machines protected.

This release contains 31 new rules, 11 new shared object rules, 61 modified rules and one modified shared object rule.

Thursday's release includes new protections against the EvilGnome malware, fixes for several Microsoft and Apple vulnerabilities and coverage for a vulnerability in Palo Alto Networks' VPN service.