Snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?



  • snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?



  • @zor1984:

    snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

    Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

    Bill



  • @bmeeks:

    @zor1984:

    snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

    Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

    Bill

    Thank you!  ;D



  • I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

    File Inspection identifies file types, inspects the contents, and can either capture and store downloaded files locally or send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

    Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

    It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

    Bill



  • @bmeeks:

    I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

    File Inspection identifies file types, inspects the contents, and can either capture and store downloaded files locally or send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

    Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

    It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

    Bill

    Thanks for your great work!  :-X



  • Well, some potentially bad news on the File Inspection feature.  It appears to be broken.  It is marked as "Experimental" in the README files included with the Snort source code.  I could not get it to detect even simple PDF files, and when it was enabled, Snort would die on every soft-restart command.  I have decided to pull this feature for now from the 2.9.7.0 update.

    I am now about to test out OpenAppID.  Hopefully it will work better …  :-\

    Bill