The SNORT® development team released a new update to Snort 3 (aka Snort++) on GitHub today.
Aug. 12, 2020 — 3.0.2 build 5
- cip: Fix the trailing parameter for the module
- dce_rpc: Set dce_rpc as a control channel inspector
- flow: Check expected flows in flow control and add direction swap flag to expected flows
- framework: Add an API to check if the module can be bound in the binder
- ftp: Add opportunistic TLS support
- ftp: Fix direction for active FTP data transfers
- helpers: Extend printed JSON syntax
- http2_inpsect: Fix for flush on data frame boundray w/o end of stream
- http_inspect: Do finish() after partial inspection
- lua: Add TCP port 80 binding to the connectivity and balanced tweaks
- main: Add printing modules help in JSON format
- managers: Print the instance type of the inspector module with --help-module
- rna: Add RNA MAC-based discovery logic
- rna: Discover network and transport protocols
- stream_tcp: Add check to prevent reentry to TCP session cleanup when flushing a PDU
As we gear up for the full release of Snort 3, we will post regular updates to the blog. Follow Snort on Twitter for the latest updates.
Snort 3 is the next generation of the Snort Intrusion Prevention System. The GitHub page will walk users through what Snort 3 has to offer and guide users through the steps of getting set up — from download to demo. Users unfamiliar with Snort should start with the Snort Resources page and the Snort 101 video series.