LinuxSecurity.com
Snort Version 1.8.6 Released
Source: Snort Project - Posted by Dave Wreski   
This is the first official announcement of a new Snort version in several months and it contains a multitude of fixes over previous versions. While the official releases have gone very slowly lately, the development of snort has picked up immensely.

1.8.4 and 1.8.5 both had bugs that were found right as we were ready to do a full release and represented good midway points but 1.8.6 should be the stable target.

http://www.snort.org/dl/snort-1.8.6.tar.gz

This release has many many fixes over 1.8.3. Lots of bugs in stream4 have been ironed out thanks to Phil Wood and myself staring at various lines of code for hours on end.

The major "gotcha" with this release will be that rules with <- used as the direction operator are no longer accepted. This is a bug fix in that it was assumed to be -> before (unless you compiled with a specific define set).

The ICMP decoders have been rewritten.

(This is a summary of recent changes -- not all mine)
  • Fixed stream4 offset initialization
  • Double Open of snort log file
  • Lots of new rules
  • Fatal error on problems other than -> and <>
  • Fixed stream4 several low memory conditions
  • Error checking in stream4/frag2 argument parsing
  • snort-db schema updates to 1.05
  • --with-pcap-includes should now look at specified pcap
  • packet statistics now should be more accurate with regards to lost frags
  • double PID file write
  • S4 alignment problems on SPARC fixed (rpc_decode still has SPARC alignment errors)
  • new snmptrap code
  • documentation updates
  • Stability fixes in frag2
  • SEQ / ACK checking should be correct (reported by Judy Novak; fix -- Phil Wood)
  • Reassembled packets with stream4 will now also be inspected when using -z est (reported by Andrea Barisani -- thanks for the patience)
  • ip fragments are now calculated correctly (reported by Judy Novak)
  • rule headers correctly matched (Christian Mock) (multiple CIDR performance greatly increased)
Unfortunately, I've forgotten a lot of the names that I should be thanking here so please forgive me if you haven't been mentioned.

Packages for various platforms will be uploaded as available.

Help Needed:

We are trying very hard to have a great snort.org rules database full of information to help us all spend less time researching events that our sensors pick up. Just pick 1 signature from http://www.snort.org/snort-db/unfinished.html, queue it up and submit the template (http://www.snort.org/snort-db/snort-sid-template.txt) to snort-sigs@lists.sourceforge.net

Our full request for help is here:

http://www.snort.org/snort-db/help-us.html

I'd also like to extend thanks to everyone that has been contributing to the database. Putting in a few definitions really helps out.

--
Chris Green
http://www.sourcefire.com
http://www.snort.org
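
A pre-upgrade check for the direction-operator change described in the announcement, as an added example that is not the Snort Project's code or part of the original post: it scans a rules file for headers whose direction operator is anything other than -> or <>. The sample rules are constructed, and the header layout (action, protocol, source address and port, operator, destination address and port, with no whitespace inside address lists) and the built-in action names are assumptions about the rule files being checked.

```python
# Added example: find Snort rules whose direction operator 1.8.6 rejects.
# Assumption: only built-in actions are checked; custom ruletype names are skipped.
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
ACCEPTED = {"->", "<>"}  # the two operators the announcement says are accepted

# Constructed sample rules file (not taken from snort.org).
SAMPLE_RULES = r"""
# local.rules (constructed sample)
var HOME_NET 10.0.0.0/8
alert tcp any any -> $HOME_NET 80 (msg:"constructed web rule"; sid:1000001;)
alert tcp $HOME_NET 23 <- any any (msg:"constructed reversed rule"; sid:1000002;)
log udp any any <> $HOME_NET 53 (msg:"constructed bidirectional rule";)
alert icmp $HOME_NET any <- any any \
    (msg:"constructed continued rule"; sid:1000003;)
"""

def logical_lines(text):
    """Yield (first_line_number, joined_text), honouring backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def rejected_directions(text):
    """Return [(line_number, operator)] for rule headers 1.8.6 would not accept."""
    findings = []
    for lineno, line in logical_lines(text):
        header = line.split("(", 1)[0].split()
        # Header layout: action proto src_ip src_port DIRECTION dst_ip dst_port
        if len(header) < 5 or header[0] not in ACTIONS:
            continue  # comment, blank line, var/include/preprocessor, etc.
        if header[4] not in ACCEPTED:
            findings.append((lineno, header[4]))
    return findings

if __name__ == "__main__":
    for lineno, op in rejected_directions(SAMPLE_RULES):
        print(f"line {lineno}: direction operator {op!r} is not accepted")
```

Rules flagged with <- need their source and destination swapped and the operator changed to ->, since earlier builds silently read them as ->.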
