File: RELEASE.NOTES

package info (click to toggle)
snort 2.3.3-11
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 22,512 kB
  • ctags: 11,344
  • sloc: ansic: 70,967; sh: 4,848; makefile: 748; perl: 478; sql: 212
file content (133 lines) | stat: -rw-r--r-- 5,553 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
2005-04-22 - Snort 2.3.3 Released

* Fixed sfPortscan Open Ports not getting suppressed.

* Added new mini-preprocessor to catch the X-Link2State vulnerability.
  See Snort manual for details.

2005-03-10 - Snort 2.3.2 Released

* Removed end-of-line parser fix in favor of completely reworking
  this at the next parser overhaul.

2005-03-09 - Snort 2.3.1 Released

* Fixed issue where the number of flowbits were too small. Thanks Marc
  Norton for the fix.

* Fixed parsing of comments at end of line in config file.  In
  snort.conf, anything that follows a # on a line is considered a
  comment. Thanks Steve Sturges for the fix.

* Fixed alignment issue causing sfPortscan to crash on Solaris/HPUX.
  Thanks Andy Mullican for the fix. Thanks Senthil Prabu.S and
  Jonathan Miner for working with us on this.

2005-01-25 - Snort 2.3.0 Final Released

* Fixed issue with sfPortscan reporting incorrect IP datagram length.
  Thanks Jon Hart for the test case and finding the bug, and Marc Norton
  for resolving the issue.

* Threshold/Suppression now prints properly when logging to syslog.
  Thanks Sekure for pointing out the problem. Thanks Steve Sturges for
  working on the fix.

* Threshold memcap argument now correctly handles non-integer input.
  Thanks nnposter for the patch.

* Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were
  not decoded properly. Thanks Dan Roelker for the fix.

* Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your
  work on putting it all together. 

2004-12-15 - Snort 2.3.0 RC2 Released

* Small performance improvement to arpspoof and also fixed a problem
  where the list of configured IP/MAC entries would contain only one
  entry and leaked memory (Jeff Nathan).

* Fixed a problem affecting MacOS X where linking may fail with
  non-standard libraries when global symbols are encountered multiple
  times (Jeff Nathan).

* Ignore RST|ACK midstream pickup case so we don't get an evasive TCP
  alerts.  Thanks for the report, Sekure. Thanks Dan Roelker for the fix.

* Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the 
  logdir config will work if the default or command-line logdir does not
  exist on the system. Thanks Dan Roelker.

* Fixed bug when setting the doe_ptr on a successful pcre match.
  It is now set relative to base_ptr. Thanks Steve Sturges for the
  fix.

* Added from_beginning and multiplier options for byte_jump.
  from_beginning skips bytes from the beginning of the content,
  instead of from the location immediately following the number
  of bytes to skip.  multiplier takes a numeric argument, and
  skips x times that number of bytes. Thanks again to Steve Sturges.

* In "fast" output, now log only actual packet contents when UDP
  data length is greater than actual data length. Thanks Brian
  Caswell for spotting this, and Andrew Mullican for working on the fix.

* Please check the ChangeLog for further details.  

2004-11-18 - Snort 2.3.0 RC1 Released

* Added IPS functionality from Snort-Inline.  A big thanks to the
  Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor
  Julien).  Also, Thanks Dan Roelker for doing the integrating of
  Snort-Inline into the official Snort project.  

* Added new portscan detector.  The design and implementation was headed
  up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.  

* Numerous changes for better 64bit Snort support from Jeremy Hewlett and
  Marc Norton.  Additionally, an --enable-64bit-gcc option was added to
  configure.  However, there are still some memory alignment issues to
  work out before 64bit mode is fully functional, patches are welcomed.
  Thanks Chris Baker for doing 64bit testing.  

* Added not_established keyword to the flow detection option.  This allows
  snort to do dynamic firewall rulesets.  Experimental for now.  

* Added an enforce_state keyword to stream4 so we won't pick up midstream
  sessions.  This works well for asynchronous links and also for
  just monitoring legitimate traffic.  

* Relocated ./contrib files to http://www.snort.org/dl/contrib as many
  are not maintained by Sourcefire and are out of date. The rpm and
  schema files have been relocated in their respective 'rpm' and 'schemas'
  directories under the snort parent directory.

* perfmonitor config line can now be configured with "accumulate" or
  "reset."  Thanks Marc Norton for the feature, and Barry Basselgia for
  pointing out the issue.  Thanks Scott Dexter and Andreas Ostling for
  doing some initial testing.  

* Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson
  and Clay McClure.  Thanks guys.  

* Fixed reference times to match log time for first packet, for an event
  generated by a reassembled packet.  Incremented event ID to give
  unique ID for each packet.  Also made unified logging compatible with
  Windows.  Thanks Andrew Mullican for the fix.  

* Fixed linux perfmonitoring stats for the 2.6 kernel.  Thanks to
  everyone that reported this bug.  Thanks Dan Roelker for the fix.  

* Get thresholding/suppression to work for alerts that do not
  contain an ip header (primarily decode alerts).  Thanks
  Brian Caswell.  

* Fix conditions where snort would log double web alerts that
  contained only content options (no uricontents).  Thanks to kawa for
  finding and reporting this bug.  

* Fix suppression/thresholding bug for non-rule alerts.  Thanks to
  Alex Butcher for reporting it to us.  

* Many other bug fixes, please check the ChangeLog for details.