Hi Naik,

Do we have any update on Windows versions of Snort...
On Wed, Feb 9, 2011 at 11:09 AM, N41K <[email protected]> wrote:
> Hi Geeks,
>
> Snort 2.9.0.4 is currently slated for release on Thursday. It brings
> about several improvements to the Snort code and documentation (thanks
> to those members of the Snort Community who submitted bugs for both
> the code and documentation!), as well as the inclusion of SaaC (Snort
> as a Collector) code for Razorback.
>
> Below are the 2.9.0.4 release notes, along with some inline bullet
> points on the improvements (thanks to Russ for providing the information
> below to me):
>
> [*] Improvements
>    * Added the Razorback "Snort as a Collector" (SaaC) dynamic
>      preprocessor. This is for experimental use only! Enable it by
>      compiling with --enable-rzb-saac.
>
>    * Fixed false positives in HTTP traffic, which were caused by large
>      HTTP chunks split across two packets.
>        * When there is a large chunk length (not in the first packet),
>          and the packet size is less than the chunk length, copy fails
>          and hence the DecodeBuffer is not overwritten. Any subsequent
>          packets use the decode buffer without overwriting it and hence
>          the false positive. The fix was to extract the packet size when
>          packet size is less than the chunk length.
>
>    * Made several updates to the Snort manual and READMEs.
>
>    * Fixed a false positive on Stream5 rule 129:15, caused by a RST
>      following a FIN.
>        * When a TCP FIN was processed the FIN pseudo-octet was not
>          always accounted for in the sequence number tracking within the
>          stream5 preprocessor. A subsequent TCP RST in the FIN-Wait-1 or
>          FIN-Wait-2 states could then lead to a false positive for
>          129:15. The fix is to ensure proper accounting of the TCP FIN
>          pseudo-octet. This problem did not affect TCP RSTs while the
>          session was fully established.
>
>    * Fixed a bug in HTTP_STAT_MSG
>        * HTTP STATUS MSG BUFFER included the CR LF from the status line.
>          With the fix HTTP STATUS MSG BUFFER now contains the status
>          message from the HTTP response and not the CR LF from the
>          status line.
>
> Further Ref:
> http://blog.snort.org/2011/02/snort-2904-is-coming-this-week.html
>
> Cheers,
> 0xN41K
>
> --
> You received this message because you are subscribed to the Google Groups
> "nforceit" group.
> To post to this group, send an email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/nforceit?hl=en-GB.

--
Phani
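The Stream5 129:15 item in the quoted release notes can be reproduced with a small sequence-tracking model. This is an added example, not part of the thread and not Snort's Stream5 code: the struct, the function names and the exact-match RST check are assumptions made for illustration, and the sample sequence numbers are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01

/* One direction of a tracked session (hypothetical, not Snort's struct). */
struct dir_tracker {
    uint32_t next_seq;  /* next sequence number expected from the sender */
    bool count_fin;     /* true = account for the FIN pseudo-octet */
};

/* Advance the expected sequence number past one observed segment. */
static void track_segment(struct dir_tracker *t, uint32_t seq,
                          uint32_t len, uint8_t flags)
{
    uint32_t end = seq + len;              /* wraps mod 2^32 by design */
    if ((flags & TH_FIN) && t->count_fin)
        end += 1;                          /* FIN consumes one sequence number */
    if ((int32_t)(end - t->next_seq) > 0)  /* only ever move forward */
        t->next_seq = end;
}

/* Assumed RST check: the RST must sit exactly at the expected sequence. */
static bool rst_is_valid(const struct dir_tracker *t, uint32_t rst_seq)
{
    return rst_seq == t->next_seq;
}

/* Replay one segment, then a RST from the same sender numbered the way a
 * real TCP stack numbers it. Returns true if the RST would be flagged. */
bool replay_alerts(bool count_fin, uint32_t seq, uint32_t len, uint8_t flags)
{
    struct dir_tracker t = { .next_seq = seq, .count_fin = count_fin };
    track_segment(&t, seq, len, flags);
    uint32_t rst_seq = seq + len + ((flags & TH_FIN) ? 1u : 0u);
    return !rst_is_valid(&t, rst_seq);
}

int main(void)
{
    /* Constructed sample: a 20-byte segment at sequence 1000. */
    printf("FIN then RST, FIN not counted: %d\n", replay_alerts(false, 1000, 20, TH_FIN));
    printf("FIN then RST, FIN counted:     %d\n", replay_alerts(true, 1000, 20, TH_FIN));
    printf("data then RST, established:    %d\n", replay_alerts(false, 1000, 20, 0));
    return 0;
}
```

The third case shows why RSTs on a fully established session were unaffected: without a FIN there is no pseudo-octet to miss.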
