[Emerging-Sigs] Snort 2.9 released today

Raymond Pesek Raymond.Pesek at ThirdFederal.com
Mon Oct 4 16:23:53 EDT 2010

2010-10-04 - Snort 2.9.0 - http://www.snort.org/snort-downloads

[*] New Additions
  * Feature rich IPS mode including improvements to Stream for
    inline deployments.  Additionally a common active response API is
    used for all packet responses, including those from Stream,
    Respond, or React.  A new response module, respond3, supports the
    syntax of both resp & resp2, including strafing for passive
    deployments.  When Snort is deployed inline, a new preprocessor
    has been added to handle packet normalization to allow Snort
    to interpret a packet the same way as the receiving host.

  * Use of a Data Acquisition API (DAQ) that supports many different
    packet access methods including libpcap, netfilterq, IPFW, and
    afpacket.  For libpcap, version 1.0 or higher is now required.
    The DAQ library can be updated independently from Snort and is
    a separate module that Snort links to.

  * A new rule option 'byte_extract' that allows extracted values to
    be used in subsequent rule options for isdataat, byte_test,
    byte_jump, and content distance/within/depth/offset.

  * Two new rule options to support base64 decoding of certain pieces
    of data and inspection of the base64 data via subsequent rule

  * Added a new pattern matcher that supports Intel's Quick Assist
    Technology for improved performance on supported hardware
    platforms.  Visit http://www.intel.com to find out more about
    Intel Quick Assist.

[*] Improvements
  * Updates to HTTP Inspect to extract and log IP addresses from
    X-Forward-For and True-Client-IP header fields when Snort generates
    events on HTTP traffic.

  * Updates to SMTP preprocessor to support MIME attachment decoding
    across multiple packets.

  * Updates to the Snort packet decoders for IPv6 for improvements to
    anomaly detection.

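The `byte_extract` option listed in the announcement, modelled in Python as an added example; this is not code from the original message or from Snort. The message layout (byte 0 holds a field offset, byte 1 a field length), the function names and the sample payloads are constructed assumptions.

```python
# Model of a rule that extracts two values from the payload and reuses them
# to bound a content match, in the spirit of:
#   byte_extract:1,0,str_offset; byte_extract:1,1,str_depth;
#   content:"bad stuff"; offset:str_offset; depth:str_depth;
# Assumed layout (constructed): byte 0 = field offset, byte 1 = field length.

def byte_extract(payload, nbytes, offset, endian="big"):
    """Return the unsigned integer of width nbytes at offset, or None if it
    would read past the end of the payload (the rule cannot match then)."""
    if offset < 0 or offset + nbytes > len(payload):
        return None
    return int.from_bytes(payload[offset:offset + nbytes], endian)

def match_in_field(payload, pattern):
    """Match pattern only inside the window [str_offset, str_offset + str_depth)."""
    str_offset = byte_extract(payload, 1, 0)
    str_depth = byte_extract(payload, 1, 1)
    if str_offset is None or str_depth is None:
        return False
    window = payload[str_offset:str_offset + str_depth]
    return pattern in window

def match_anywhere(payload, pattern):
    """Unbounded content match, for comparison with the bounded one."""
    return pattern in payload

PATTERN = b"bad stuff"

# Constructed sample payloads.
IN_FIELD = bytes([4, 9]) + b"\x00\x00" + b"bad stuff" + b"trailer"
OUTSIDE_FIELD = bytes([4, 5]) + b"\x00\x00" + b"hello" + b"bad stuff"
STRADDLES_END = bytes([4, 6]) + b"\x00\x00" + b"xxxbad stuff"
TRUNCATED = b"\x04"

if __name__ == "__main__":
    samples = [("in field", IN_FIELD), ("outside field", OUTSIDE_FIELD),
               ("straddles end", STRADDLES_END), ("truncated", TRUNCATED)]
    for name, data in samples:
        print(f"{name:14} bounded={match_in_field(data, PATTERN)} "
              f"unbounded={match_anywhere(data, PATTERN)}")
```

The "outside field" payload shows the point of the option for rule writers: a static content match fires on it, while the match bounded by the extracted offset and length does not.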