snort-2.9.11.1-1.fc22.i686
[4.4 MiB]
Changelog
by Lawrence R. Rogers (2017-12-06):
- Release 2.9.11.1-1
New Additions
* Added support to block portscan. In addition to tracking the scanning packets, action (drop/sdrop/reject) will be taken for all the packets,
which means Snort will block the packet and generate logs.
* Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted.
Improvements
* Fixed issue to detect RTP up to two SSRC switches in each traffic direction.
* Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive
copy of segment data by not splitting them when flushing headers.
* Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source IP protocol scan.
* Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets.
* Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup.
* Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels.
* Fixed issue of applying new configuration in file inspection after Snort reload.

snort-2.9.11-1.fc22.i686
[4.4 MiB]
Changelog
by Lawrence R. Rogers (2017-09-05):
- Release 2.9.11-1
* src/build.h : updating build number to 125.
* src/preprocessors/: spp_session.c, Stream6/snort_stream_tcp.c :
Fixed issue with updating the global IPS id before packet processing.
* src/output-plugins/spo_unified2.c :
Added changes to display AppId for IPv6 unified events.
* src/: dynamic-preprocessors/Makefile.am,
reload-adjust/appdata_adjuster.c,
sfutil/sfmemcap.c, sfutil/sfmemcap.h :
Fixed dynamic preprocessor compilation failure in OpenBSD platform.
* src/: parser.c, snort.h, detection-plugins/sp_replace.c :
Fixed issues while parsing rules in snort reload path.
* src/: appIdApi.h, dynamic-preprocessors/appid/appId.h,
dynamic-preprocessors/appid/appIdApi.c,
dynamic-preprocessors/appid/appIdConfig.h,
dynamic-preprocessors/appid/appInfoTable.c,
dynamic-preprocessors/appid/flow.h,
dynamic-preprocessors/appid/fw_appid.c,
dynamic-preprocessors/appid/hostPortAppCache.c,
dynamic-preprocessors/appid/hostPortAppCache.h :
Added implementation of hostPortCache versioning for unknown flows in AppID to detect and block BitTorrent.
* src/preprocessors/spp_normalize.c :
Fixed incorrect usage of snort configuration in snort reload path.
* src/dynamic-preprocessors/appid/: flow.c, flow.h, fw_appid.c :
Fixed issues with printing of messages for out-of-order packets.
* src/: mempool.c, mempool.h, reg_test.h, reload.c,
control/sfcontrol.c, control/sfcontrol.h,
preprocessors/spp_session.c,
preprocessors/Stream6/snort_stream_tcp.c :
Added support for forced allocation of TCP protocol memory pool after maximum limit is reached.
* src/reload.c :
Fixed synchronisation issue during snort reload.
* src/sfutil/: sf_ip.h, sf_ipvar.c, sf_ipvar.h :
Added changes to improve performance of ipvar list comparison.
* src/: dynamic-output/plugins/output_lib.h,
dynamic-output/plugins/output_plugin.c,
dynamic-preprocessors/dcerpc2/dce2_smb.c,
dynamic-preprocessors/dcerpc2/dce2_smb.h,
dynamic-preprocessors/dcerpc2/dce2_smb2.c,
dynamic-preprocessors/dcerpc2/spp_dce2.c,
dynamic-preprocessors/file/file_event_log.c,
file-process/file_api.h, file-process/file_service.c,
file-process/file_stats.c, file-process/file_stats.h,
sfutil/sf_textlog.c, sfutil/sf_textlog.h :
Added support for storing filenames in unicode format for SMB protocol.
* src/dynamic-preprocessors/appid/detector_plugins/detector_smtp.c :
Enhanced SMTP client detection by allowing line folding and all authentication methods.
* src/: fpcreate.c, sfutil/sfthd.c, sfutil/sfxhash.c :
Fixed issue in detection filter counter when rule is used in multiple configurations.

snort-2.9.8.3-1.fc22.i686
[3.7 MiB]
Changelog
by Lawrence R. Rogers (2016-04-26):
- Release 2.9.8.3-1
2016-04-26 Rahul Burman <rahburma@cisco.com>
Snort 2.9.8.3
* src/build.h: updating build number to 383
* configure.in, src/preprocessors/HttpInspect/server/hi_server.c:
Modified Http header parsing of multiline content-encoding header.
* src/preprocessors/: snort_httpinspect.c,
HttpInspect/server/hi_server.c:
Fixed an issue where file position pointer was incorrectly set for HTTP response
containing chunked and gzip data.
* src/preprocessors/Stream6/: snort_stream_tcp.c
Added sanity check to TCP trimming in out-of-order FIN case.
* src/parser.c:
Disabled port groups that are not useful unless adaptive profiling is enabled.
* src/: dynamic-preprocessors/sdf/spp_sdf.c, obfuscation.c:
Fixed an issue of incorrect masking of sensitive data.
2016-03-18 Gaurav Nagare <gnagare@cisco.com>
Snort 2.9.8.2
* src/build.h: updating build number to 335
* src/dynamic-plugins/: sf_engine/examples/detection_lib_meta.h,
sf_dynamic_meta.h:
Updated detection API version to 2.6 to use the latest snort SO rules.
* src/: dynamic-preprocessors/sdf/spp_sdf.c,
preprocessors/Stream6/snort_stream_tcp.c, obfuscation.c:
Fixed several issues with SDF and obfuscation.
* src/: profiler.h, preprocessors/perf_indicators.c,
preprocessors/perf_indicators.h:
Resolved snort build issue with "--disable-perfprofiling" configure
option.
* src/: decode.c, decode.h:
Added Double VLAN tagging support.
* src/file-process/file_mime_process.c:
Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.
* src/preprocessors/HttpInspect/server/hi_server.c:
Fixed memory leak.
* src/preprocessors/HttpInspect/utils/hi_paf.c:
Fixed issue with gzip decompression when the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP version 1.0.
* doc/snort_manual.pdf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/spp_httpinspect.c:
Fixed Snort memory leak in parsing HTTP xff options.
* src/preprocessors/spp_httpinspect.c:
Fixed Coverity issues.
* src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/include/hi_paf.h, HttpInspect/server/hi_server.c,
HttpInspect/utils/hi_paf.c:
Improved End of Header(EOH) identification for response header spanning multiple
reassembled packets.
* src/preprocessors/: HttpInspect/utils/hi_paf.c,
Stream6/snort_stream_tcp.c, Stream6/stream_paf.c:
Improved packet reassembly for HTTP, added code to purge segment correctly when
PAF decides to ignore packet upon reaching paf_max.
* src/fpdetect.c:
Fixed to use outer header callback functions when checking IP rule against outer IPs
and inner header callback when checking against inner IPs.
* src/preprocessors/spp_httpinspect.c:
Fixed an issue where http_inspect current and default config had
different file depth.
* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c:
Handled malformed DNS host in AppId.
* src/file-process/: file_api.h, file_segment_process.c, file_service.c:
Prevented access to file contexts which are pruned when memcap is
reached.
* src/dynamic-preprocessors/appid/: app_forecast.c, app_forecast.h,
flow.h, fw_appid.c, spp_appid.c, thirdparty_appid_types.h:
Performance improvements to AppID.
* src/dynamic-preprocessors/appid/luaDetectorApi.c:
Created a future-flow API for lua detector.
Exposed DNS API to lua detector.
* src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
Fixed an issue where unexpected SSL negotiation starts for FTP
with explicit SSL.
* src/preprocessors/HttpInspect/utils/hi_paf.c:
Updated HTTP PAF to accept all tokens between method and version
string in request URI.
* src/preprocessors/HttpInspect/files/file_decomp_SWF.c:
Fixed Flash LZMA decompression issue.
* src/preprocessors/spp_httpinspect.c:
Fixed file_depth initialization issue during Snort reload.