Snort 2.0 Released!

Snort 2.0 has been released and is available at http://www.snort.org. Snort 2.0 is the result of many months of effort on the part of dozens of people and has a slew of new features:

• Enhanced high-performance detection engine
• Stateful Pattern Matching
• New detection keywords: byte_test & byte_jump
• The Snort code base has undergone an external third party professional security audit funded by Sourcefire (http://www.sourcefire.com)
• Many new and updated rules
• snort.conf has been updated
• Enhancements to self preservation mechanisms in stream4 and frag2
• State tracking fixes in stream4
• New HTTP flow analyzer
• Enhanced protocol decoding (TCP options, 802.1q, etc)
• Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
• Enhanced flexresp mode for real-time TCP session sniping
• Better chroot()'ing
• Tagging system updated
• Several million bugs addressed....
• Updated FAQ (thanks to Erek Adams and Dragos Ruiu)

Snort 2.0 can be downloaded at
http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the code base will be built over the next several days and made available at snort.org.

Thanks to everyone who has contributed and helped out over the past several months!

      -Marty

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch(at)sourcefire.com - 
http://www.sourcefire.com
Snort: Open Source Network IDS - 
http://www.snort.org


------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
 
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - 
including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. 
 
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids