Thursday, November 19, 2020

Snort 2.9.17.0 has been released

We are pleased to release Snort 2.9.17.0, a bug fix version. First, some release notes:

Snort 2.9.17.0

New Additions

  • Added support for s7Commplus protocol.
  • Support for allowing common names across rule options.
  • Added support to detect TCP Fast Open packets.

Improvements / Fix

  • Added support for HTTP range field parsing to detect if HTTP response/request is indeed partial or full content.
  • Miscellaneous SMB bug fixes.
  • Fixed TCP segment queue hole issue as per the RFC 793 recommendation for out-of-order (OOO) ACK packet handling.
  • Fixed multiple static analysis issues.
  • Fixed DNS application detector failing to detect DNS traffic in some scenarios.
  • Fixed compiler warnings.
  • Fix to populate original IP in dropped events when inline normalization is enabled in the unified2 output method.
  • Fixed handling of encrypted traffic by the SIP preprocessor.
  • Added port 853 to the SSL detector, since DNS over TLS runs on SSL.
    • Also improved the SIP preprocessor to better detect SSL-encrypted SIP traffic.
  • Fixes to byte_math operation.
  • Fixed GCC 10.1.1 compile issues.
  • Fixed incorrect filtering of UDP traffic when "ignore_any_rules" is configured.
  • Fix to address some cases of ambiguous codes between SMTP & FTP and when the SMTP server does not support EHLO.
  • Fixed AppID caching proxy IP instead of tunneled IP in the dynamic cache during ultrasurf traffic.
  • Fixed popup message on Windows uninstall operation.
  • Added message to ask users to choose version 4.1.1 of WinPcap when on Windows.

As always, this maintenance release of Snort 2.9.17.0 is available on our Snort downloads page. For any questions, please feel free to visit our Snort-Users mailing list.