From: Martin Roesch <roesch@sourcefire.com> To: snort-users <snort-users@lists.sourceforge.net>, snort-dev <snort-devel@lists.sourceforge.net>, focus-ids <focus-ids@securityfocus.com>, ids@uow.edu.au, snort-announce <snort-announce@lists.sourceforge.net>, lwn@lwn.net Subject: IDS: Snort 1.8.2 released Date: Sun, 04 Nov 2001 01:29:23 -0500 Archive: http://msgs.securepoint.com/ids FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html HELP: Having problems... email questions to ids-owner@uow.edu.au NOTE: Remove this section from reply msgs otherwise the msg will bounce. SPAM: DO NOT send unsolicted mail to this list. UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au ----------------------------------------------------------------------------- Snort 1.8.2 is available for download at http://www.snort.org! This is mostly a bugfix release, Snort is now more stable and more usable than it's been in quite a while, and should do a good job of tiding people over while we transition to 2.0 and the codebase gets a little more "fluid". Here's the list of fixes: * fixed UTC timestamps * fixed SIGUSR1 handling, should reset properly now after getting a signal on all platforms * fixed PID path generation code, PID files go in the right place now * fixed stability problems in stream4 * fixed stability problems in frag2 * tweaks to spo_unified for better integration with barnyard * added -f switch to turn off fflush() calls in binary logging mode * added new config keyword to stream4, "log_flushed_streams", which causes all buffered packets in the stream reassembler for that session to be logged in the event of an event on that stream (must be used in conjunction with spo_log_tcpdump) * added packet precacheing for flexresp TCP packets, responses should be generated more quickly * fixed rules parser code for various failure modes * several new rules files and a new classification system * 60+ new rules since the last release added After this release we're going to reorganize the whole source tree and do a quick 1.9 version with the new code layout. Once that's done, we're going to begin coding 2.0 in earnest in December, hopefully doing our initial release sometime in the February time frame. Snort 1.8.2 is available in the following package types at http://www.snort.org on the Downloads page: * source tarball * RPM (10 flavors) * Solaris Package * OpenBSD Package * FreeBSD Package * win32 executable installer Enjoy! -Marty -- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch@sourcefire.com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org