Thursday, October 10, 2019

Snort 2.9.15.0 is here

Today, we added Snort 2.9.15.0 to the family!

As always, available from our download site on Snort.org, this new version contains the following features:

New Additions

  • Added new debugs to print detection, file_processing and Preproc time consumption info and verdict.
  • Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
  • Added support to detect new RAR file-type in the file preprocessor.

Improvements / Fix

  • Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
  • Fix to whitelist FTP data sessions when no file policy exists.
  • Fix RTF file magic to a more generic value to prevent evasions.
  • Added debug logs during HTTP reload.
  • Added rule SID check during validation.
  • Fix an issue where HTTP was processing non-HTTP traffic on port 443.
  • Added new debugs to print detection, file processing, and Prepro time consumption info and verdicts.
Any notes or feedback for us on Snort 2.9.15.0?  Please shoot us a note over on the Snort-Users mailing list.