Emerging Threats


Suricata 0.9.1 RC2 Available!

The OISF development team is proud to introduce the second release candidate of Suricata, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently scheduled for July 1st, 2010.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-0.9.1.tar.gz

New features

- support for the asn1 keyword added
- support for reading of ERF files added
- basic rule profiling functionality added
- ssl2/ssl3 app layer support added
- detection engine was made partly stateful

Improvements

- multiple regressions in the detection engine causing false negatives were fixed
- many accuracy and stability improvements were made
- icmp handling in the flow engine was improved

Known issues & missing features

We have made significant progress towards reaching our first full (non-beta) release of Suricata. Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete. With this in mind, please note the list below of known items we are working on.

- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in http log file due to handling & updating of the http state.
- DCE/RPC over udp is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.
- Signatures using the uricontent keyword might generate multiple alerts for the same event.

See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.


Next OISF Brainstorming Meeting Scheduled

The next OISF Brainstorming Meeting is set for San Francisco, July 16, 2010, 10:00 am until 4:00 pm, or later as needed.

Coffee and juice will be served, along with a light lunch.

Our previous meeting was in Washington DC late last year and we had a standing room only crowd. Great ideas, great solutions, and most of our Phase One Feature Plan was solidified there. Don't miss this second meeting; the ideas that float around the room are well worth your trip to town!

Please RSVP by e-mail so we can plan for you. Free lunch and drinks, and a great view of San Francisco! We're on Lower Nob Hill on California Street near Fisherman's Wharf at the Golden Gateway Holiday Inn. Great place to relax and see the sights after the meeting.

http://www.holidayinn.com/hotels/us/en/san-francisco/sfogg/hoteldetail

We'll have an official agenda out shortly. The overall goals of the meeting will be:

- Review where we are in Phase One
- Outline our Feature Plans for Phase Two
- Review new Ideas and Technologies
- Update you on the Technical Challenges faced
- Solicit new Ideas!
- Solidify Phase Two Feature Planning


Much of the coding team will be there, so come and discuss your ideas and gripes. We need to know what you want in your IDS!

If you're interested in consortium membership this is a perfect time to stop in and talk in person about what it might entail and what benefits you would enjoy. The team will be in town a day or so before and after the meeting, so there is plenty of time to talk!

So please, RSVP by e-mail if you believe you can make it to the meeting. We have a great group rate at the hotel. We look forward to seeing you there!


Last Updated ( Monday, 17 May 2010 16:02 )

Suricata RC1 Available!

The OISF development team is proud to introduce the first release candidate of Suricata, the Open Source Intrusion Detection and Prevention engine. We're working towards our first stable release, currently scheduled for July 1st, 2010.

New features

- Support for the http_header keyword was added
- libhtp was updated to version 0.2.3
- Privilege dropping using libcap-ng is now supported
- Proper support for "pass" rules was added
- Inline mode for Windows was added

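As an added illustration (constructed for this page, not rules shipped by the Suricata project or quoted in the release notes), the following rule set exercises the http_header content modifier and the pass action announced in RC1 above, plus the asn1 keyword announced in RC2 further up. The $HOME_NET/$EXTERNAL_NET variables are assumed to be defined in suricata.yaml, 192.0.2.10 is a documentation address standing in for an authorised scanner, and the sids and message strings are placeholders.

```suricata
# Constructed example rules, not from the Suricata project or these release notes.
# Assumptions: $HOME_NET/$EXTERNAL_NET are set in suricata.yaml, 192.0.2.10 is an
# authorised scanner (documentation address), and sids 9000001-9000003 are unused.

# http_header (RC1): the content is matched against the normalised HTTP request
# headers only, so the same string in the URI or body does not fire this rule.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE suspicious User-Agent header"; flow:established,to_server; content:"User-Agent|3a| evil-scanner"; http_header; nocase; classtype:bad-unknown; sid:9000001; rev:1;)

# pass (RC1): traffic from the authorised scanner is excluded from inspection,
# so the alert above will not fire for it. Pass rules are evaluated first
# (default action order: pass, drop, reject, alert) and a pass match ends
# inspection of that packet, so keep the match as narrow as possible.
pass tcp 192.0.2.10 any -> $HOME_NET 80 (msg:"EXAMPLE authorised scanner, skip inspection"; sid:9000002; rev:1;)

# asn1 (RC2): flag an oversized ASN.1 length field in SNMP, decoding the
# payload from absolute offset 0 (relative_offset would need a prior content match).
alert udp any any -> $HOME_NET 161 (msg:"EXAMPLE oversized ASN.1 length in SNMP"; asn1:oversize_length 1024, absolute_offset 0; classtype:protocol-command-decode; sid:9000003; rev:1;)
```

Load the file with -s or via the rule-files list in suricata.yaml and check the startup log for parse errors; a typo in a modifier such as http_header makes the engine reject that rule rather than silently ignore the modifier.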
Improvements

- A regression in the detection engine causing false negatives was fixed
- Many accuracy and stability improvements have been made


Known issues & missing features

The OISF has made significant progress towards reaching the first full (non-beta) release of Suricata. Your feedback is always important to us and we appreciate your time and effort. As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete. With this in mind, please note the list below of known items currently being addressed.


- Using the http_cookie keyword seems to cause a match on all packets.
- Currently we don't support the dce option for byte_test and byte_jump.
- Stream reassembly is currently only performed for app-layer code.
- Inconsistent time stamps in http log file due to handling & updating of the http state.
- DCE/RPC over udp is not currently supported.
- dce_stub_data does not respect relative modifiers.
- Engine does not work properly on big endian platforms.
- Time based stats are not calculated correctly.


See https://redmine.openinfosecfoundation.org/projects/suricata/issues for an up to date list and to report new issues.


Last Updated ( Thursday, 06 May 2010 15:57 )