Snort 2.8.6 released

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

New Additions

  • HTTP Inspect now splits requests into 5 components – Method, URI, Header (non-cookie), Cookies, Body. Content and PCRE rule options can now search one or more of these buffers.
  • HTTP server-specific configurations to normalize the HTTP header and/or cookies have been added.
  • Added support for gzip decompression across multiple packets.
  • Added a Sensitive Data preprocessor, which performs detection of Personally Identifiable Information (PII). A new rule option is available to define new PII.
  • Added a new pattern matcher and related configurations. The new pattern matcher is optimized to use less memory and perform at AC speed.
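To illustrate the five-buffer split from the first item above, here is an added Python toy that carves a raw request into the same components and applies a buffer-scoped content match; it is illustrative code written for this page, not Snort's HTTP Inspect, and the sample request and pattern are constructed.

```python
# Added illustration of the five-buffer split (method, URI, non-cookie header,
# cookies, body); a toy splitter, not Snort's HTTP Inspect implementation.
from dataclasses import dataclass


@dataclass
class HttpBuffers:
    method: bytes = b""
    uri: bytes = b""
    header: bytes = b""   # all request headers except Cookie
    cookie: bytes = b""   # Cookie header value(s) only
    body: bytes = b""


def split_request(raw: bytes) -> HttpBuffers:
    """Split a raw HTTP/1.x request into the five buffers a rule can target."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, _, rest = lines[0].partition(b" ")
    uri, _, _version = rest.partition(b" ")
    non_cookie, cookies = [], []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"cookie":
            cookies.append(value.strip())
        else:
            non_cookie.append(line)
    return HttpBuffers(method, uri, b"\r\n".join(non_cookie),
                       b"; ".join(cookies), body)


def content_match(bufs: HttpBuffers, pattern: bytes, buffer: str) -> bool:
    """Emulate a content option restricted to one buffer (uri, cookie, ...)."""
    return pattern in getattr(bufs, buffer)


# Constructed sample request: the suspicious string sits in the Cookie, not the URI.
SAMPLE = (
    b"POST /index.php?id=1 HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: track=cmd.exe\r\n"
    b"Content-Length: 10\r\n"
    b"\r\n"
    b"user=alice"
)

if __name__ == "__main__":
    b = split_request(SAMPLE)
    print(content_match(b, b"cmd.exe", "uri"))     # False: URI buffer is clean
    print(content_match(b, b"cmd.exe", "cookie"))  # True: hit is in the cookie buffer
```

A rule scoped to the URI buffer therefore does not fire on the same bytes when they appear only in a cookie, which is the false-positive reduction the split provides.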

Improvements

  • Fixed a problem with output obfuscation affecting packets when Snort is running inline.
  • Preprocessors with memcap settings can now be configured in a “disabled” state. This allows you to configure that memcap globally, but only enable the preprocessor in targeted configurations.