Snort 1.9.0 Released - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Snort 1.9.0 Released

User Rating:

How can I rate this item?

Source: snort.org - Posted by Eric Lubow

The Snort team is proud to announce the availability of version 1.9.0 of Snort available for download at http://www.snort.org. Significant major changes in this new version listed below.. . . The Snort team is proud to announce the availability of version 1.9.0 of Snort available for download at http://www.snort.org. Significant major changes in this new version listed below.

Date: Thu, 03 Oct 2002 22:40:43 -0400
From: Chris Green
To: snort-devel@lists.sourceforge.net, snort-announce@lists.sourceforge.net, snort-users@lists.sourceforge.net, focus-ids@securityfocus.com
Subject: [Snort-users] snort-1.9.0 is released!

The Snort team is proud to announce the availability of version 1.9.0 of Snort available for download at http://www.snort.org

http://www.snort.org/dl/snort-1.9.0.tar.gz
http://www.snort.org/dl/snort-1.9.0.tar.gz.asc (gpg)

This release is the culmination of lots of bug fixing and new features from many developers including

Roman Danyliw, Glenn Mansfield Keeni, Abe Katsuhisa, Marty Roesch, Brian Caswell, Andrew Baker, Jed Haile, Jason Larsen, Dragos, Dan Roelker, Marc Norton, Chris Reid, Jeff Nathan, Phil Wood, Dave Goldsmith, Andreas Ostling (to whom I own : above the O), Andrew Hintz, everyone who submits bug reports and tests and submits signatures or signature descriptions.

A list of major changes include:

reorganized code tree ( finally declared stable )
portscan2 / conversation introduction
picking up state on sessions is more forgiving of odder flag combinations throughout snort as a whole
the flow keyword to indicate "from_server" or "to_server"
snortdb schema 1.06
perf stats
flexresp fixes so that it's on the OTN instead of the RTN
icmp formatting fixes
telnet negotiation handles the telnet EAC character
URI related bug fixed where a HTTP rule would alert on bogus traffic ( thanks to qru for test case )
works with net-snmp
Stream4 supports asynchronous_link's ( great if you have to do IDS without being able to combine both sides of an ethernet tap or split routing )
the decoder creates alerts for packets it doesn't understand ( save this and submit them as BUGS or events ) config disable_decode_alerts to disable this feature
LOTS of new rules
flags: A+ is not how we will ever mark a session as "established" ever again.
- dsize check gains min<>max range support
- checksum functions inlined and obscure endianess related bug

Release Notes:

Only libnet 1.0 supported for flexresp
HP-UX is not a supported platform.

Thanks for your patience and support. The SNORT_1_9 branch of CVS is now marked as the stable branch for bug fixing and minor features only.

The HEAD branch is where development will commence. Please note this as people who have deemed the beta';s of 1.9 good enough for production use that the place you need to track has changed.

The command to grab a new copy via from is:

cvs -d:pserver:anonymous@cvs.snort.sourceforge.net:/cvsroot/snort \ co -r SNORT_1_9 -d snort-1.9 snort

-- Chris Green Eschew obfuscation.