Snort 2.1.0 is now available!
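Just when I thought 2.06 had come out, 2.10 appeared a few minutes later. This time the Windows binaries are available as well. Windows binary download location
Addendum: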
- 64-bit update for detection engine. (Thanks, Silio d'Angelo)
- Added better PPP decoding. (Thanks Jesper Peterson)
- Updated ip_proto optimization for high-speed detection engine.
- Fixed infinite loop problem that was introduced by the recursive pattern matching patch. Reported by Lawrence Reed, thanks for testing out the changes for us!
- Various changes to help respond (version 1) work a little better.
- spp_http_decode 64-bit patch from Dirk Mueller.
- Out-of-order ACK problem from Andrew Rucker. Also, updated stream4 to the most recent version from HEAD.
- Minor fixes to tagging related to 'src' and 'dst' directives.
- When counting one byte patterns in 'ningroup' added a check for psLen==1 (wu-manber pattern matcher). Thanks Josh Sakofsky and Dennis McGuire for helping us test this.
Major 2.1 features include:
- A new connection tracking module, Flow (replaces conversation)
- A new portscan detector based off of Flow, Flow-Portscan (replaces portscan2)
- A new http preprocessor, HttpInspect (replaces http_decode)
- Alert Thresholding and Suppression
- PCRE rule keyword (Perl Compat Regular Expressions)
- isdataat rule keyword (buffer length detection)
- A ton of new and updated rules.
The Japanese-language explanation of this is the one by しかP ↓