Wednesday, December 2, 2015

[Snort-devel] Snort 2.9.8 RC Now Available

Some really cool stuff coming in 2.9.8 =)

Snort is now available on snort.org at
http://www.snort.org/downloads in the Snort Stable Release section.

2015-08-28 - Snort 2.9.8_rc

[*] New additions
  *  SMBv2/SMBv3 support for file inspection.
  *  Port override for metadata service in IPS rules.
  *  AppID Lua detector performance profiling.
  *  Perfmon dumps stats at fixed intervals from absolute time.
  *  New preprocessor alert (18:120) to detect SSH tunneling over HTTP.
  *  New config option |disable_replace| to disable replace rule option.
  *  New Stream configuration |log_asymmetric_traffic| to control
     logging to syslog.
  *  New shell script in tools to create simple Lua detectors for AppID.

[*] Improvements
  *  sfip_t refactored to use struct in6_addr for all ip addresses.
  *  Post-detection callback for preprocessors.
  *  AppID support for multiple server/client detectors evaluating on
     same flow.
  *  AppID API for DNS packets.
  *  Memory optimizations throughout.
  *  Support sending UDP active responses.
  *  Fix perfmon tracking of pruned packets.
  *  Stability improvements for AppID.
  *  Stability improvements for Stream6 preprocessor.
  *  Added improved support to block malware in FTP preprocessor.
  *  Added support to differentiate between active and passive FTP.
  *  Improvements done in Stream6 preprocessor to avoid having duplicate
     packets in the DAQ retry queue.
  *  Resolved an issue where reputation config incorrectly displayed
     'blacklist' in priority field even though 'whitelist' option was
     configured.

See the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team