Network Security Focus-IDS

Snort 2.2.0 released

Subject: Snort 2.2.0 released
Date: Thu, 12 Aug 2004 18:51:46 -0400
Hi everyone,

Snort 2.2.0 has been released and is available at http://www.snort.org/dl/snort-2.2.0.tar.gz

New features include:

* New TCP state engine in stream4
* ASN.1 parsing and detection functionality added to rules language (sp_asn1)
* Stream logging added, individual stream segment packets are logged for events on rebuilt streams instead of the pseudopacket (for unified and pcap logging)
* New Aho-Corasick pattern matchers
* Webroot alert for HTTP directory traversal attacks


Fixes:

* Rebuilt TCP packet munging reported by Steve Halligan. Thanks for your help getting pcaps so we could analyze this bug.
* Improved TCP stream flushing as reported by Brian Bailey. Thanks for your help working on this with us.
* Chunked encoding false positives fixed in http_inspect. Thanks Lindsey Cheng for finding the problem.
* Turned off http_inspect alerts that were causing false positives in the preset webserver profiles.
* Turn off encoding alerts in HTTP parameter field. The parameter field is still normalized, it just doesn't alert. This helps reduce alerts that are generated from complex parameter queries.
* Fixed memory leak in "fast" output. Thanks for your bug report sekure@gmail.com.


Fixes since RC1:

* Updated database schema diagram from Chris Reid. Schema can be found in ./doc/snort_schema_v106.pdf
* Added --include-pcre* configuration option to help cross compiling. Thanks Erik de Castro Lopo.
* Fixed thresholding/suppression issue with queuing multiple events per packet. Thanks Andreas Ostling.
* Turned off http_inspect alerts that were causing false positives in the preset webserver profiles (Thanks Dan Roelker).
* Turn off encoding alerts in HTTP parameter field. The parameter field is still normalized, it just doesn't alert. This helps reduce alerts that are generated from complex parameter queries (Thanks Dan Roelker).
* Fixed memory leak in "fast" output. Thanks for your bug report sekure@gmail.com.
* Clear error code which under Windows was causing a subsequent false failure in parsing threshold rules. (Thanks to Rich Adamson)


Further details can be found in Changelog and RELEASE.NOTES.

Thanks!
The Snort Team

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

