Snort 126.96.36.199 releases: Intrusion Prevention System
The Snort++ (Snort 3) project has been hard at work for a while now and we have released the fourth alpha of the next generation Snort IPS (Intrusion Prevention System). This file will show you what Snort++ has to offer and guide you through the steps from download to demo.
This version of Snort++ includes new features as well as all Snort 2.X features and bug fixes for the base version of Snort except as indicated below:
- Project = Snort++
- Binary = snort
- Version = 3.0.0-a4 build 235
- Base = 2.9.8 build 383
Here are some key features of Snort++:
- Support multiple packet processing threads
- Use a shared configuration and attribute table
- Use a simple, scriptable configuration
- Make key components pluggable
- Autodetect services for portless configuration
- Support sticky buffers in rules
- Autogenerate reference documentation
- Provide better cross-platform support
- Facilitate component testing
Additional features on the roadmap include:
- Use a shared network map
- Support pipelining of packet processing
- Support hardware offload and data plane integration
- Support proxy mode
- Windows support
New additions
- Added new debug messages that print detection, file_processing and Preproc time consumption info and the verdict.
- Added support to detect new Korean file formats .egg and .alg in the file preprocessor.
- Added support to detect new RAR file-type in the file preprocessor.
Improvements / Fix
- Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
- Fix to whitelist FTP data sessions when no file policy exists.
- Fix RTF file magic to a more generic value to prevent evasions.
- Added debug logs during HTTP reload.
- Added rule SID check during validation.
- Fix an issue where HTTP was processing non-HTTP traffic on port 443.
- Added new debug messages that print detection, file processing, and Preproc time consumption info and verdicts.