Release Notes: UTC timestamps, stability problems in stream4, stability problems in frag2, SIGUSR1 handling (to ensure proper resetting after a signal), and PID path generation code (to ensure PID files go in the right place) were fixed. spo_unified was tweaked for better integration with barnyard. A -f switch was added to turn off fflush() calls in binary logging mode. Packet precaching for flexresp TCP packets was added, and responses should now be generated more quickly. Several new rules files and a new classification system were added.
Release Notes: Big bugfixes for the stateful inspector, stream reassembler, IP defragmenter, and tagging subsystems. SNMP and IDMEF XML output, new anti-evasion code in the http_decode preprocessor, and limited regex/wildcards in the rules language have been added.
Release Notes: This version features a stateful inspection and TCP stream reassembly module, a high-performance IP defragmenter module, a high-performance unified binary output module, a tagging feature that allows hosts that trip events to be tracked/logged, enhanced cross-referencing of data with alerts, the addition of Classifications and Priorities to the rules language, ARP spoofing detection, the addition of "IP" as a supported protocol type in the Snort rules language, a Back Orifice detection plugin, a telnet normalization plugin that defeats telnet and FTP evasion techniques, an RPC normalization plugin that defeats RPC fragmentation evasion techniques, a CSV format output plugin, a TCP window detection plugin, and a same IP detection plugin. The "uricontent" keyword allows HTTP traffic to be searched only within the data in the URI field. 802.1Q decoder support and linux_sll decoder support were added.
Release Notes: TCP stream reassembly, statistical anomaly detection, IP defragmentation, XML output, Oracle database support, dynamic rules, and IP address lists within rules have all been added, and there are many miscellaneous improvements.
Release Notes: Fixes for compilation problems on all non-BSD operating systems, better configuration support for locating libpcap, fixes for ICMP ping packet ID/sequence printouts, allowances for 64-bit machines in the decoders, an updated portscan detector, the defragmenter disabled by default in the rules file, a patch to make daemon mode alert filenames conform to the data in the documentation, revamped ICMP data structures that mimic *BSD and provide higher-fidelity decoding/printout, fixes for the output plugins, application of a byte-ordering patch to the flexresp code, and a payload dump that conforms to the length of the IP datagram.
Release Notes: This release has several fixes to the configuration script to allow normal compilation across all Linux platforms. Additionally, it has fixes for the Tru64 version, as well as a fix for SMB alerting.
Release Notes: Two security fixes (specifically, a DoS condition in the ASCII packet logger and the tmp file bug in the SMB alerting code), a great many bugfixes and tweaks for a variety of platforms (especially Tru64 and Solaris), and a few major additions including an IP defragmentation plugin, updated and enhanced database logging, an enhanced rules library, and a new -O "IP address obfuscation" switch.
Release Notes: Numerous improvements.
Release Notes: Fixes were made for a problem with PASS rules not being applied properly, an #include ordering problem for Slackware 4.0 installs, banner output with the -V option, and a problem with improper TCP option output. Packet buffer cleanup code was added to all protocol decoders. Token Ring decoding is now fully functional, and a Snort man page was added. Upgrading is recommended due to a small change in the detection engine.
Release Notes: Plugins, rule file variables and includes, preprocessors, TCP session logging, new detection capabilities (IP options, multiple content strings per rule), new protocol decoders (I4L-ISDN, NULL), an HTTP traffic normalizer (defeats evasive CGI scanners like Whisker.pl), faster and more accurate IP and TCP option decoders, etc.