Snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

zor1984

snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

bmeeks

@zor1984:

snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

Bill

zor1984

@bmeeks:

@zor1984:

snort-2.9.7.0 released, will we see the package updates for 2.1.5 sense?

Yes.  That is on my radar for the package.  Will also try and implement the new OpenAppID stuff in the GUI.  Don't have an exact date in mind yet, but I will get to work on it very soon.

Bill

Thank you!  ;D

bmeeks

I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

Bill

zor1984

@bmeeks:

I have successfully compiled a pfSense package for Snort 2.9.7.0 that includes both the new Open Application ID and File Inspect features.

File Inspection identifies file types, inspects the contents, and can capture and store downloaded files either locally or can send them to a remote receiver on a different networked device.  That target device has to be running the Snort file_server application.

Open Application ID (OpenAppID) is described and demonstrated in this VRT blog post:  http://blog.snort.org/2014/03/firing-up-openappid.html.  And here is a link to a collection of VRT blog articles about the new feature:  http://blog.snort.org/search/label/openappid.

It will take me several days to add the additional code to the GUI for supporting these new features and then test it.  I will post an update once I have officially submitted the Pull Request for review.

Bill

Thanks for your great work!  :-X

bmeeks

Well, some potentially bad news on the File Inspection feature.  It appears to be broken.  It is marked as "Experimental" in the README files included with the Snort source code.  I could not get it to detect even simple PDF files, and when it was enabled, Snort would die on every soft-restart command.  I have decided to pull this feature for now from the 2.9.7.0 update.

I am now about to test out OpenAppID.  Hopefully it will work better …  :-\

Bill