Wednesday, June 30, 2004

OT: Snort 2.2.0 RC1 released


Snort 2.2.0 RC1 released Brian @ Tue Jun 29 16:02:21 2004 GMT
The first release candidate of Snort v2.2 is available! We ask that everyone give it a whirl and let us know what you think. RPMs and the Win32 installer will appear on snort.org shortly.

The major features of Snort 2.2.0 RC1 include:

* Added new TCP state engine
* Added ASN.1 parsing and detection functionality to snort. Please refer to README.asn1 for more information on rule usage.
* Fixed rebuilt TCP packet munging reported by Steve Halligan. Thanks a lot for getting this problem down to pcap so we could analyze the problem.
* Improve TCP reassembly flushing for TCP streams that have already generated an alert. This was illustrated by Brian Bailey in his SANS GIAC practical examination. Thanks for working with us on this one.
* Added webroot alert. This alert is generated when a URL directory traversal traverses past the webroot. Added new URI discovery technique pointed out by Kanatoko. Please see doc/README.http_inspect for more details.
* New Aho-Corasick pattern matchers. Added content length tracking on otnx structures.
* Chunked Encoding false positives fixed in http_inspect. Thanks Lindsey Cheng for finding the problem.
* Updated RPMs - please see contrib/rpm/CHANGES.rpms for further details

The Snort documentation for 2.2 is still a work in progress, and has not yet been completely updated. To that end, if anyone has any suggestions on improvements for documentation, please send them to Brian Caswell and Jeremy Hewlett.

..and as always, a big thank you to the community for your continued support and suggestions!
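
The webroot alert in the feature list fires when a URL's directory traversal climbs past the webroot. The following is an added example, not part of the announcement and not Snort's http_inspect code: one way to express that check is to track directory depth while walking the path. The function names, the single percent-decoding pass and the sample request lines are assumptions made for illustration.

```python
from urllib.parse import unquote

def traversal_depth(uri: str) -> int:
    """Return the lowest directory depth the path reaches, with the webroot at 0.

    A negative result means the path climbed above the webroot.
    """
    # Only the path component matters here; drop the query string and fragment.
    path = uri.split("?", 1)[0].split("#", 1)[0]
    # Assumption: one percent-decoding pass, and backslashes treated as
    # directory separators, so encoded forms are seen before the walk.
    path = unquote(path).replace("\\", "/")
    depth = 0
    lowest = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue              # empty and current-directory segments do not move
        if segment == "..":
            depth -= 1            # one step up
            lowest = min(lowest, depth)
        else:
            depth += 1            # one step down
    return lowest

def past_webroot(uri: str) -> bool:
    """True when the traversal goes above the webroot at any point."""
    return traversal_depth(uri) < 0

def flag_requests(request_lines):
    """Return the URIs from HTTP request lines that traverse past the webroot."""
    flagged = []
    for line in request_lines:
        parts = line.split()
        if len(parts) >= 2 and past_webroot(parts[1]):
            flagged.append(parts[1])
    return flagged

# Constructed sample request lines, not taken from real traffic.
SAMPLE_REQUESTS = [
    "GET /docs/manual/../index.html HTTP/1.0",      # stays inside the webroot
    "GET /images/../../private/notes.txt HTTP/1.0",  # climbs one level above it
    "GET /images/%2e%2e/%2e%2e/notes.txt HTTP/1.0",  # same, percent-encoded
    "GET /a/b/../../index.html HTTP/1.0",            # returns to the webroot only
]

if __name__ == "__main__":
    for uri in flag_requests(SAMPLE_REQUESTS):
        print("webroot traversal:", uri)
```

Tracking the lowest depth rather than the final depth matters: a path that dips above the webroot and then descends again is still flagged.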


