Thursday, October 10, 2019

Snort is here

Today, we added Snort to the family!

As always, it is available from our download site. This new version contains the following features:

New Additions

  • Added new debug messages to print detection, file_processing, and Preproc time consumption info and the verdict.
  • Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
  • Added support to detect new RAR file-type in the file preprocessor.

Improvements / Fix

  • Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
  • Fix to whitelist FTP data sessions when no file policy exists.
  • Fix RTF file magic to a more generic value to prevent evasions.
  • Added debug logs during HTTP reload.
  • Added rule SID check during validation.
  • Fix an issue where HTTP was processing non-HTTP traffic on port 443.
  • Added new debug messages to print detection, file processing, and Preproc time consumption info and verdicts.

Any notes or feedback for us on Snort? Please shoot us a note over on the Snort-Users mailing list.