21/11/2013

Snort 2.9.6.0 beta: What’s new?

Sourcefire, the publisher of the Snort network intrusion detection system, has released beta version 2.9.6.0. This version introduces new features as well as improvements to existing ones, some of which were requested by the community.

The <= and >= operators have been added to the byte_test rule option, SMTP has been updated to detect Cyrus SASL authentication attacks, and file support has been introduced: it is now possible to identify the types of files crossing the network and take action accordingly (including capturing them for analysis).

"In this version, we have the ability to perform actions depending on the type of file or footprint. Among the possible actions, we can either save the file to analyse later, block traffic if we are in IPS mode, or raise an alert, or simply keep track," explained Maxime Besson, Network and Systems Expert at Smile.

Download Snort.

Find out more by reading Snort's blog.
