The OISF development team is proud to announce Suricata 1.0.2, the second maintenance release for Suricata 1.0, the Open Source Intrusion Detection and Prevention engine.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-1.0.2.tar.gz

New features

- Added an SSH application layer module, improving performance and accuracy
- Added two new SSH rule keywords: "ssh.protoversion" and "ssh.softwareversion"
- Added support for missing HTTP related PCRE modifiers /H, /M and /C (bug #220)

Improvements

- Fixed several TCP stream engine evasion issues found by Judy Novak from G2, Inc.
- Improved accuracy of the http_client_body keyword
- Improved dropping of packets in IPS mode when a signature matches in the reassembled stream or the application layer
- Improved error reporting if the engine runs out of memory in the initialization stage
- Fixed a reported segv in the HTTP method detection keyword (bug #231)
- Several smaller issues were fixed

Because of the TCP stream engine evasion fixes, upgrading is highly recommended.


Known issues & missing features

As always, we are doing our best to make you aware of continuing development and of items within the engine that are not yet complete or optimal. With this in mind, please note the list of known items we are working on.

See http://redmine.openinfosecfoundation.org/projects/suricata/issues for an up-to-date list and to report new issues. See http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues for a discussion and timeline for the major issues.