Opened 9 years ago

Closed 9 years ago

#49863 closed update (fixed)

snort @2.9.7.6: update to 2.9.8.0

Reported by: Schamschula (Marius Schamschula) Owned by: jul_bsd@…
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc: kurthindenburg (Kurt Hindenburg)
Port: snort

Description

snort has been updated to version 2.9.8.0.New this version:

New additions

  • SMBv2/SMBv3 support for file inspection.
  • Port override for metadata service in IPS rules.
  • AppID Lua detector performance profiling.
  • Perfmon dumps stats at fixed intervals from absolute time.
  • New preprocessor alert (120:18) to detect SSH tunneling over HTTP
  • New config option |disable_replace| to disable replace rule option.
  • New Stream configuration |log_asymmetric_traffic| to control logging to syslog.
  • New shell script in tools to create simple Lua detectors for AppID.

Improvements

  • sfip_t refactored to use struct in6_addr for all ip addresses.
  • Post-detection callback for preprocessors.
  • AppID support for multiple server/client detectors evaluating on same flow.
  • AppID API for DNS packets.
  • Memory optimizations throughout.
  • Support sending UDP active responses.
  • Fix perfmon tracking of pruned packets.
  • Stability improvements for AppID.
  • Stability improvements for Stream6 preprocessor.
  • Added improved support to block malware in FTP preprocessor.
  • Added support to differentiate between active and passive FTP connections.
  • Improvements done in Stream6 preprocessor to avoid having duplicate packets in the DAQ retry queue.
  • Resolved an issue where reputation config incorrectly displayed 'blacklist' in priority field even though 'whitelist' option was configured.
  • Added support for multiple expected sessions created per packet
  • Active response now supports MPLS

Attachments (1)

Portfile-snort.diff (771 bytes) - added by Schamschula (Marius Schamschula) 9 years ago.

Download all attachments as: .zip

Change History (4)

Changed 9 years ago by Schamschula (Marius Schamschula)

Attachment: Portfile-snort.diff added

comment:1 Changed 9 years ago by mf2k (Frank Schima)

Cc: jul_bsd@… removed
Owner: changed from macports-tickets@… to jul_bsd@…
Version: 2.3.4

comment:2 Changed 9 years ago by kurthindenburg (Kurt Hindenburg)

Cc: khindenburg@… added

Cc Me!

comment:3 Changed 9 years ago by kurthindenburg (Kurt Hindenburg)

Resolution: fixed
Status: newclosed

done r144124

I noticed this

Error: ---> Unknown pidfile style /opt/local/var/run/snort_en1.pid presented to startupitem.pidfile

Note: See TracTickets for help on using tickets.