by Lawrence R. Rogers (2017-12-06):
- Release 18.104.22.168-1
* Added support to block portscan. In addition to tracking the scanning packets, action (drop/sdrop/reject) will be taken for all the packets, which means Snort will block the packet and generate logs.
* Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted.
* Fixed issue to detect RTP up to two SSRC switches in each traffic direction.
* Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive copy of segment data by not splitting them when flushing headers.
* Fixed issue of triggering protocol sweep alert when there are multiple destinations from a single source IP protocol scan.
* Added changes to fix IP portscan for protocols other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets.
* Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup.
* Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels.
* Fixed issue of applying new configuration in file inspection after Snort reload.
by Lawrence R. Rogers (2017-09-05):
- Release 2.9.11-1
* src/build.h : updating build number to 125.
* src/preprocessors/: spp_session.c, Stream6/snort_stream_tcp.c :
Fixed issue with updating the global IPS id before packet processing.
* src/output-plugins/spo_unified2.c :
Added changes to display AppId for IPv6 unified events.
* src/: dynamic-preprocessors/Makefile.am,
sfutil/sfmemcap.c, sfutil/sfmemcap.h :
Fixed dynamic preprocessor compilation failure in OpenBSD platform.
* src/: parser.c, snort.h, detection-plugins/sp_replace.c :
Fixed issues while parsing rules in Snort reload path.
* src/: appIdApi.h, dynamic-preprocessors/appid/appId.h,
Added implementation of hostPortCache versioning for unknown flows in AppID to detect and block BitTorrent.
* src/preprocessors/spp_normalize.c :
Fixed incorrect usage of Snort configuration in Snort reload path.
* src/dynamic-preprocessors/appid/: flow.c, flow.h, fw_appid.c :
Fixed issues with printing of messages for out-of-order packets.
* src/: mempool.c, mempool.h, reg_test.h, reload.c,
Added support for forced allocation of TCP protocol memory pool after maximum limit is reached.
* src/reload.c :
Fixed synchronisation issue during Snort reload.
* src/sfutil/: sf_ip.h, sf_ipvar.c, sf_ipvar.h :
Added changes to improve performance of ipvar list comparison.
* src/: dynamic-output/plugins/output_lib.h,
sfutil/sf_textlog.c, sfutil/sf_textlog.h :
Added support for storing filenames in Unicode format for SMB protocol.
* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c :
Enhanced SMTP client detection by allowing line folding and all authentication methods.
* src/: fpcreate.c, sfutil/sfthd.c, sfutil/sfxhash.c :
Fixed issue in detection filter counter when rule is used in multiple configurations.