Re: [Snort-devel] Snort version 2.1.1 on Gentoo

From: Jason <security(at)brvenik.com>
Date: Mon Apr 19 2004 - 22:11:31 EDT

I suspect you are using an old config, http_decode no longer exists and has been replaced with http_inspect. Use the updated config that came with your 2.1.1 or even better get 2.1.2 from www.snort.org   and build/use that one.

• snip --- Snort 2.1.2 Released Brian @ Wed Mar 31 21:56:17 2004 GMT Good afternoon, snorters!

The Snort Team is proud to officially release Snort v2.1.2. This is a bugfix release, and so it is recommended that users upgrade to this new release.

Fixes highlighted for this release are as follows:

• Fixed conversation parsing faults so users can operate this preprocessor
• Detect non-rfc standard chunk encodings (thanks, H.D. Moore <hdm@digitaloffense.net>)
• Detect abnormal HTTP requests with newlines, spaces, etc. before the request method (thanks, Kanatoko <anvil@jumperz.net>).
• Fix invalid ptr reference that occurred on Fedora. This should also help reduce any false positive 'U Decoding' alerts. (thanks, Owen Crow <Owen_Crow@bmc.com>)
• Fix possible condition where request pipeline URL gets inspected, but the rest of a packet doesn't.
• Fix negative stats output on snort exit or SIGUSR1. (thanks, Owen Crow <Owen_Crow@bmc.com> and others)

Thanks to the community for your continued input and comments, as always, it is much appreciated!

Happy Snorting,
The Snort Team

Security wrote:
> I'm experiencing some odd issues with snort version 2.1.1, output below.

---

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Mon Apr 19 22:16:44 2004