Tag Archive | der

Suricata 4.0.0-rc2 ready for testing!

suri-400x400

We are proud to announce that the second release candidate for the upcoming Suricata 4.0.0 is ready for your testing.

We’re aiming for a final 4.0.0 release about 2 weeks from now. Please help us test!

Changes

  • Feature #744: Teredo configuration
  • Feature #1748: lua: expose tx in alert lua scripts
  • Bug #1855: alert number output
  • Bug #1888: noalert in a pass rule disables the rule
  • Bug #1957: PCRE lowercase enforcement in http_host buffer does not allow for upper case in hex-encoding
  • Bug #1958: Possible confusion or bypass within the stream engine with retransmits.
  • Bug #2110: isdataat: keyword memleak
  • Bug #2162: rust/nfs: reachable asserting rust panic
  • Bug #2175: rust/nfs: panic – 4.0.0-dev (rev 7c25a2d)
  • Bug #2176: gcc 7.1.1 ‘format truncation’ compiler warnings
  • Bug #2177: asn1/der: stack overflow

Download

https://www.openinfosecfoundation.org/download/suricata-4.0.0-rc2.tar.gz

Special thanks

AFL project, Abdullah Ada

Trainings

SuriCon 2017

Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be in November in Prague: https://suricon.net

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.2.3 available!

suri-400x400

We are pleased to announce Suricata 3.2.3. This release fixes a fairly small number of issues. The most important one is an issue we found using AFL in the DER/ASN1 parser. This has the potential to crash your Suricata instance.

Changes

  • Bug #2089: engine file logging race condition (3.2.x)
  • Bug #2173: openbsd: pcap with raw datalink not supported (3.2.x)
  • Bug #2178: asn1/der: stack overflow (3.2.x)
  • Bug #2179: Possible confusion or bypass within the stream engine with retransmits. (3.2.x)
  • Bug #2183: gcc 7.1.1 ‘format truncation’ compiler warnings (3.2.x)

Download

https://www.openinfosecfoundation.org/download/suricata-3.2.3.tar.gz

Special thanks

AFL project

Trainings

SuriCon 2017

Come meet the Suricata community and development team to discuss all things Suricata at the third edition of the annual Suricata Conference. SuriCon 2017 will be in November in Prague: https://suricon.net

About Suricata

Suricata is a high performance Network Threat Detection, IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 3.0RC3 Available!

Photo by Eric Leblond

We’re happy to announce Suricata 3.0RC3. RC3 fixes a few issues in RC2 that require some more testing. The plan is to release the stable quickly after the holidays, so please help us test this release!

Fixes:

  • Bug #1632: Fail to download large file with browser
  • Bug #1634: Fix non thread safeness of Prelude analyzer
  • Bug #1640: drop log crashes
  • Bug #1645: Race condition in unix manager
  • Bug #1647: FlowGetKey flow-hash.c:240 segmentation fault (master)
  • Bug #1650: DER parsing issue (master)

Get the release here:

http://www.openinfosecfoundation.org/download/suricata-3.0RC3.tar.gz

Known issues & missing features

In a development release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0.11 Available!

Photo by Eric Leblond

The OISF development team is pleased to announce Suricata 2.0.11. This release fixes a number of important issues in the 2.0 series.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.11.tar.gz

Changes

  • Bug #1572: 2.0.8 FlowGetKey flow-hash.c:240 segmentation fault (icmp destination unreachable)
  • Bug #1637: drop log crashes
  • Bug #1639: 2.0.x: Fix non thread safeness of Prelude analyzer
  • Bug #1649: DER parsing issue
  • Bug #1651: HTTP body tracking using excessive memory
  • Bug #1652: SMTP parsing issue (2.0.x)
  • Bug #1653: DNS over TCP parsing issue (2.0.x)
  • Bug #1654: TCP reassembly bug (2.0.x)

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Mark Webb-Johnson
  • Nick Jones
  • Hayder Sinan
  • Samiux A

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support

Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.