07-22-00 Welcome to version 1.6.3. This version features clean compiles
on all architectures and OS's that I have access to, some
elusive bug fixes in the decoders, a little bit better
packet printing, full-time ARP packet decoding (instead of only
when the -a option is spec'd), and an upgraded portscan
detector. The moral of the story with the 1.6.1->1.6.2.2
release cycle was "don't release when you're working on the
road". This will be the last version release until the
Hiverworld IDS ships as I need to dedicate myself fully to
that cause. Please watch http://www.snort.org for information
on the availability for an upgraded defragmentation
preprocessor, the one shipping with this version should be
treated as *beta* code!
07-08-00 It wouldn't be a release without a disaster, and in that vein
we lost the ability to compile cleanly on Linux boxes with
version 1.6.1. Typical. Lessons learned: I need to reinstall
a RedHat box at Snort Labs so that I can do compile tests
before release. C'est la vie.
07-06-00 Version 1.6.1 is finally ready to see the light of day. This
release is mostly a bug fix with a few minor feature additions
for runtime security. Version 1.7 is a few months behind in
development due to my busy schedule at Hiverworld where I'm
putting together a completely new (not Snort-based) IDS.
Version 1.7 is in development and you can check the latest
beta functionality by checking it out from the CVS repository.
The features that have or are going to be added include dynamic
rules (rules that turn on other rules), variable alert levels,
port and IP sets for rules, and a few other goodies, plus
a slew of new plugins.
Additionally, the snort.org web site has gone live since the
last release, and it's pretty much a one-stop-shop for all
things Snort related (that and www.whitehats.com).
I hope to have version 1.7 available by the October SANS
Network Security 2000 conference.
03-20-00 Bang! Here's version 1.6, marvel at its glory! :) I'm going
to keep this short since it's 3AM, but I think that everyone
is going to like the changes and additions since version 1.5.
Be sure to check out the new rules writing document at
http://www.clark.net/~roesch/snort_rules.html!
02-26-00 1.6 is still in the works, but this one fixes a few problems
with people trying to compile on SunOS/Solaris/HP-UX boxes.
This release really falls more into the "tweak" category, but I
think it's important enough to put out. Version 1.6 is coming
RSN, but will probably be a couple more weeks!
01-03-00 This one is a minor bug fix in preparation for the impending
release of version 1.6. Version 1.6 is in beta, but I couldn't
hold back doing a release of this bug fix version any longer.
Speaking of 1.6, it should be out in about two weeks, and will
incorporate a bunch of cool new functionality. Stay tuned!
12-8-99 Wow, almost two months since the last major release. Well, if
you thought the last one was big, this one is HUGE! There are
nine major additions to this release, including plugins,
session recording, improved flexibility in the rules files,
better packet content analysis, and a bunch of other stuff.
Snort is faster, more efficient, more flexible, and more
powerful than 1.3.1. Not bad for two months' work, eh? :)
What's down the road from here? Well, the Token Ring decoder
needs to get finished, and then there are three big topics that
Snort needs to address: IP defragmentation, TCP stream
reassembly, and port scan detection. Fortunately, the new
plugin architecture implemented in this version of Snort
makes the addition of these huge features relatively painless
from a development standpoint. The modules can simply be
developed and then dropped right into every copy of Snort
out there.
The really cool functional (user level) things about version
1.5 are session logging with the new "session" keyword,
multiple content tests per rule, rules file variables, and the
IP options inspection keyword "ipopts". Check out the
RULES.SAMPLE file (at the bottom) for more info on the new
stuff.
10-13-99 Welp, here's the bug fix release. There was one really big
stupid bug in this one plus some other minor annoying stuff,
so here's a patch to clean things up a bit. I also added some
functionality to the dsize option keyword, you can specify
">" or "<" now to select ranges.
2.0 is progressing slowly in the face of various conference
activity I have over the next few months. I'm looking at a late
November or mid-December release now, but hang in there, it's
coming.
09-18-99 This is probably the last 1.x release of Snort (barring a
possible bugfix release). The next planned version is 2.0
and it will be radically changed for the better. It will
include a faster, more flexible detection engine, plug-in
support for detection, output, and monitoring modules, and
a plethora of other options. Look for it in late October or
early November!
This version includes an enhanced logging/alerting engine that
is several times faster than the Snort 1.2.1. The logging
and alerting command line options are also more streamlined
so that people may have the flexibility to choose how they log.
Enjoy!
08-06-99 This is the official "mea culpa" version of Snort.
Version 1.2 wasn't exactly a high quality release for
non-Linux platforms, and so here we are five days later with
version 1.2.1. Thanks to everyone's bug reports and a small
band of volunteers, this release is much more stable than
version 1.2 and should configure and build cleanly on
all platforms and architectures, including Sparcs and OpenBSD.
While all of the bug fixing was taking place, I actually found
time to integrate some patches that people generously sent in
during the week. That kind of makes this release value added,
it's not just a bug fix there's actually some new stuff in
here!
If this version proves to be stable and everyone is pretty much
happy with the way things are working, this will be the last
release for a month or so. I'm writing a paper for the LISA
'99 conference about Snort, and I need to concentrate on
finishing it and getting some facts and figures about the
software together. After that is done, I've got some
enhancements for the detection engine thought up that are
truly radical, stay tuned..... :)
08-03-99 Oops!
08-01-99 Well, here it finally is, the big performance release. This
version has a slick new packet decoder and a brand spankin'
new, fully recursive, detection engine. It kicks ass! :)
Large sections of the code have been restructured to eliminate
global data structures and streamline how much real data has
to be passed around. Two major global data structures have
been eliminated to make the code more thread friendly in case
I ever get motivated enough to multi-thread this beast. The
SMB alerting code is now an option, use the