📄 news
字号:
01-02-01 Welcome to version 1.7. This version features clean compiles
on following architectures and platforms:
* Linux 2.0.X, Linux 2.1.X, Linux 2.2.X (i386)
* FreeBSD 3.x, 4.x (i386)
* SunOS/gcc 5.5, 5.5.1, 5.6, 5.7, 5.8 (sparc)
* OpenBSD 2.7, 2.8
* Tru64/gcc
* HPUX 11.0/gcc
Other platforms/architectures should be supported as well, we just
don't have them available for testing on the moment.
There are a ton of bug fixes and new features in this version, have
a look at the ChangeLog to see many of them. I think that this
will be the last full point release of the 1.X codebase, we're
starting design work on the 2.0 series and I hope that we'll be
putting it out there in the not too distant future (less than six
months!).
It's been a long road to 1.7, the amount of code in the program
compared to the initial release over two years ago is incredible.
We're just getting rolling though, and 2.0 is going to bring a
great number of changes including more plugin interfaces (packet
acquisition and decode), faster/cleaner code (I hope ;) and a
better design for performing more types of analysis.
Big changes in this version: snort-lib renamed to snort.conf, IP
defragmentation plugin now 100% on all architectures, tcp stream
reassembly, statistical anomaly detection, three new command line
switches (-L,-I,-X), IP address lists, a cool "automatic variable"
in the rules file that automatically picks up the IP address and
netmask of a named interface, more packet header printouts,
detection plugins for TOS and the IP fragment bits, as well as a
plugin that allows reference data to be attached to rules and a
completely rewritten active response module, etc.
I hope everyone likes this release, we've put a ton of work into it
to make sure that it's functional and stable while still being
easy to use for everyone.
07-22-00 Welcome to version 1.6.3. This version features clean compiles
on all architectures and OS's that I have access to, some
elusive bug fixes in the decoders, a little bit better
packet printing, full-time ARP packet decoding (instead of only
when the -a option is spec'd), and an upgraded portscan
detector. The moral of the story with the 1.6.1->1.6.2.2
release cycle was "don't release when you're working on the
road". This will be the last version release until the
Hiverworld IDS ships as I need to dedicate myself fully to
that cause. Please watch http://www.snort.org for information
on the availability for an upgraded defragmentation
preprocessor, the one shipping with this version should be
treated as *beta* code!
07-08-00 It wouldn't be a relase without a disaster, and in that vein
we lost the ability to compile cleanly on Linux boxes with
version 1.6.1. Typical. Lessons learned: I need to reinstall
a RedHat box at Snort Labs so that I can do compile tests
before release. C'est la vie.
07-06-00 Version 1.6.1 is finally ready to see the light of day. This
release is mostly a bug fix with a few minor feature additions
for runtime security. Version 1.7 is a few months behind in
development due to my busy schedule at Hiverworld where I'm
putting together a completely new (not Snort-based) IDS.
Version 1.7 is in development and you can check the latest
beta functionality by checking it out from the CVS repository.
The features that have or are going to be added include dynamic
rules (rules that turn on other rules), variable alert levels,
port and IP sets for rules, and a few other goodies, plus
a slew of new plugins.
Additionally, the snort.org web site has gone live since the
last release, and it's pretty much a one-stop-shop for all
things Snort related (that and www.whitehats.com).
I hope to have version 1.7 available by the October SANS
Network Security 2000 conference.
03-20-00 Bang! Here's version 1.6, marvel at its glory! :) I'm going
to keep this short since it's 3AM, but I think that everyone
is going to like the changes and additions since version 1.5.
Be sure to check out the new rules writing document at
http://www.clark.net/~roesch/snort_rules.html!
02-26-00 1.6 is still in the works, but this one fixes a few problems
with people trying to compile on SunOS/Solaris/HP-UX boxes.
This release really falls more into the "tweak" category, but I
think it's important enough to put out. Version 1.6 is coming
RSN, but will probably be a couple more weeks!
01-03-00 This one is a minor bug fix in preparation for the impending
release of version 1.6. Version 1.6 is in beta, but I couldn't
hold back doing a release of this bug fix version any longer.
Speaking of 1.6, it should be out in about two weeks, and will
incorporate a bunch of cool new functionality. Stay tuned!
12-8-99 Wow, almost two months since the last major release. Well, if
you thought the last one was big, this one is HUGE! There are
nine major additions to this release, including plugins,
session recording, improved flexibility in the rules files,
better packet content analysis, and a bunch of other stuff.
Snort is faster, more efficient, more flexible, and more
powerful than 1.3.1. Not bad for two month's work, eh? :)
What's down the road from here? Well, the Token Ring decoder
needs to get finished, and then there are three big topics that
Snort needs to address: IP defragmentation, TCP stream
reassembly, and port scan detection. Fortunately, the new
plugin architecture implemented in this version of Snort
makes the addition of these huge features relatively painless
from a development standpoint. The modules can simpley be
developed and then dropped right into every copy of Snort
out there.
The really cool functional (user level) things about version
1.5 are session logging with the new "session" keyword,
multiple content tests per rule, rules file variables, and the
IP options inspection keyword "ipopts". Check out the
RULES.SAMPLE file (at the bottom) for more info on the new
stuff.
10-13-99 Welp, here's the bug fix release. There was one really big
stupid bug in this one plus some other minor annoying stuff,
so here's a patch to clean things up a bit. I also added some
functionality to the dsize option keyword, you can specify
">" or "<" now to select ranges.
2.0 is progressing slowly in the face of various conference
activity I have over the next few months. I'm looking at a late
November or mid-December release now, but hang in there, it's
coming.
09-18-99 This is probably the last 1.x release of Snort (barring a
possible bugfix release). The next planned version is 2.0
and it will be radically changed for the better. It will
include a faster, more flexible detection engine, plug-in
support for detection, output, and monitoring modules, and
a plethora of other options. Look for it in late October or
early November!
This version includes an enhanced logging/alerting engine that
is several times faster than the Snort 1.2.1. The logging
and alerting command line options are also more streamlined
so that people may have the flexibility to choose how they log.
Enjoy!
08-06-99 This is the official "mea culpa" version of Snort.
Version 1.2 wasn't exactly a high quality release for
non-Linux platforms, and so here we are five days later with
version 1.2.1. Thanks to everyone's bug reports and a small
band of volunteers, this release is much more stable than
version 1.2 and should configure and build cleanly on
all platforms and architectures, including Sparcs and OpenBSD.
While all of the bug fixing was taking place, I actually found
time to integrate some patches that people generously sent in
during the week. That kind of makes this release value added,
it's not just a bug fix there's actually some new stuff in
here!
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -