snort-users October 2011 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: [Snort-users] Snort 2.9.2 Beta Now Available

[Snort-users] Snort 2.9.2 Beta Now Available

From: Snort Releases <snortreleases_at_nospam>
Date: Fri Oct 28 2011 - 15:43:57 GMT
To: snort-users@lists.sourceforge.net

Snort 2.9.2 Beta is now available on snort.org, at
http://www.snort.org/snort-downloads/ in the Latest Development
Release section.

2.9.0 RC & later packages are signed with a new PGP key
(that is signed with the previous key).

Snort 2.9.2 introduces the following new capabilities:

  * SCADA (DNP3 and Modbus) preprocessors. Added two new preprocessors
    to support writing rules for detecting attacks for control systems.
    New rule keywords are supported, and DNP3 leverages Stream5 PAF
    support for TCP reassembly. See the Snort Manual, README.dnp3 and
    README.modbus for details of the configurations and new rule
    options.

  * GTP decoding and preprocessor. Updated the Snort packet decoders
    and added a preprocessor to support detecting attacks over GTP (GPRS
    Tunneling Protocol). Snort's GTP support handles multiple versions
    of GTP and has a rich configuration set. See the Snort Manual and
    README.GTP for details.

  * Updates to the HTTP preprocessor to normalize HTTP responses that
    include javascript escaped data in the HTTP response body. This
    expands Snort's coverage in detecting HTTP client-side attacks.
    See the Snort Manual and README.http_inspect for configuration
    details.

Additionally, the following updates and improvements have been made:

  * Updates to Stream preprocessor to be able to track and store
    "stream" data for non TCP/UDP flows. Also improvements to handle
    when memory associated with a blocked stream is released and usable
    for other connections.

  * Updates to dce_stub_data to make it act the same as file_data
    and pkt_data rule option keywords in how it interacts with
    subsequent content/pcre/etc rule options.

  * Updates to how Snort handles and processes signals received
    from the OS.

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.

Happy Snorting!
The Snort Release Team

------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn
about Cisco certifications, training, and career opportunities.
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!