From: Will M. <wil...@gm...> - 2006-03-26 00:56:11
List,

I have released snort_inline-2.4.4-RC5 which can be downloaded from the following url:

http://snort-inline.sourceforge.net/download.html

We changed a lot of things between 2.4.3-RC4 and 2.4.4-RC5 so please play with and break it if you can ;-).

As a side note, I will be teaching a class on snort_inline for the local Kansas City snort users group. If anyone from the snort_inline-users list is interested let me know, it looks like it will end up being about two days' worth of material.

Regards,

Will

Here is a list o' things that have changed in this release...

Nick Added Reinject rule action for IPFW (see snort_inline.conf)

Dave added a fix for stuck packets under high load for NFQUEUE

Added support for stripping http headers out of packet payloads for ClamAV, no we do not yet support chunked or gzip encoding so don't ask ;-).

Removed support for buffer scanning using ClamAV; we now only support scanning via file-descriptor-mode. If you defined file-descriptor-mode for clamav in your snort_inline.conf before you must now remove it.

Added fix for condition when ClamAV alerted and was followed by an alert in snort, packet contents could not be logged.

Added new rule actions rejectsrc (same as reject), rejectdst, and rejectboth (README.INLINE). It should be noted that rejectdst will not work in combination with layer2resets as iptables only passes us the src mac, if this is the condition the packet will be dropped but no reset will be sent.

Victor Added Experimental support for saving the stream4 state table to disk at exit, this allows you to preserve already established sessions with stream4 and enforce_state enabled (see snort_inline.conf).