With the new release of snort 2.8.4 you will need to upgrade immediately from whatever version you are on. If you do not upgrade, your sensorfail will be epic when you try to run any updated rules. This is due to the new DCERPC preprocessor and all new rules being built to use this new functionality.
Snort 2.8.4 is now available on snort.org, at http://www.snort.org/dl/
Snort 2.8.4 introduces:
- A revised DCE/RPC preprocessor with more rule options
With the new DCE/RPC preprocessor, there will be a number of updates
to the rules. Please be sure to update your rules to the latest
when that package is available (next few days).
- Support for IPv6 in Frag3 and all application preprocessors
- Improved target-based support in preprocessors
- Option to automatically pre-filter traffic that is not inspected in
order to improve performance
- Several other improvements and fixes
Please see the release notes and changelog for more details.
Cheers,
JJC
No comments:
Post a Comment