On Fri, May 31, 2013 at 10:08 AM, Rodolfo Gouveia <[email protected]> wrote:
> On 05/31/2013 08:02 AM, C. L. Martinez wrote:
>> Could be better to use binary packaged version released by OpenBSD
>> (http://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/snort-2.9.4.0.tgz)??
>
> Any reason why you didn't start with the packaged version?
> And did you tune snort.conf to your setup?
>
>
> cheers,
> --rodolfo

There are some important bugs resolved by the 2.9.4.6 and 2.9.4.5 releases:

2013-04-18 Steven Sturges <[email protected]>
Snort 2.9.4.6
    * src/build.h:
      updating build number to 73
    * doc/README.counts, doc/snort_manual.pdf, doc/snort_manual.tex,
      src/decode.c, src/parser.c, src/snort.h:
      Added config tunnel_verdicts and tunnel bypass for whitelist and
      blacklist verdicts for 6in4 or 4in6 encapsulated traffic.
    * src/preprocessors/spp_frag3.c:
      Don't update IP options length and count in frag3 after allocating
      option buffer when receiving duplicate 0 offset fragments with IP
      options.

2013-03-20 Steven Sturges <[email protected]>
Snort 2.9.4.5
    * src/build.h:
      updating build number to 71
    * src/preprocessors/Stream5/snort_stream5_tcp.c:
      prevent pruning when dup'ing a seglist node to avoid broken
      flushed packets
    * src/detection-plugins/detection_options.c:
      recursively search patterns within the HTTP uri buffers until the
      buffer ends.
    * src/preprocessors/HttpInspect/: client/hi_client.c,
      client/hi_client_norm.c, include/hi_client.h:
      Remove proxy information from the normalized URI buffer.
      Thanks to L0rd Ch0de1m0rt for reporting the issue.
    * src/: control/sfcontrol.c,
      preprocessors/Stream5/snort_stream5_tcp.c:
      fix logging of unified2 packet data when alerting on a packet
      containing multiple HTTP PDUs

And yes, I need to tune snort.conf to correctly monitor my network ...

