VRT Advisories


VRT Rules 2006-06-05

Snort 2.4.5 and 2.6.0 Final

Date: 2006-06-05

The Snort Team is pleased to announce the release of Snort 2.4.5 and Snort 2.6.0 Final.

The Snort Team would like to thank all those who tested the Snort 2.6 release candidates and provided valuable feedback and bug reports. Snort 2.6 is the way of the future for Snort development and its release signifies the end of life for development on the Snort 2.4 branch.

These releases offer better performance and numerous new features, and incorporate many bug fixes. Notable bug fixes and improvements include:

  • TCP stream is now properly reassembled after a failed sequence check, fixing an issue which may lead to possible detection evasion.
  • Added configurable stream flushpoints.
  • Improved RPC processing.
  • Improved portscan detection.
  • Improved HTTP request processing and handling of possible evasion cases.
  • Improved performance monitoring.

The Snort 2.6 release also introduces the ability to use dynamic rules and dynamic preprocessors and contains further improvements to the Snort detection engine.

Sourcefire would like to thank Erik Kamerling of the SANS Attack Attribution Research Group, Sid Faber from CERT and Chris Ries from Vigilant Minds for reporting the issue with stream reassembly and the possible evasion cases.

The Snort Team is continuing its work on investigating the issues with the http_inspect evasion and will release further updates to the detection preprocessor as they become available.

Note:
With the release of Snort v2.6.0, we are moving to a new versioning system for all future releases. This new system is designed to enable more frequent bug and feature releases, while still meeting the needs of Snort enterprise users. The following is a description:

  • X. - Major Snort product change
  • X.X - Major new feature set
  • X.X.X - Minor feature enhancements and bug fixes
  • X.X.X.X - Bug fixes only

For example, a bug fix to Snort 2.6.0 would increment the version to Snort 2.6.0.1, while a minor feature enhancement would increment the version to 2.6.1.