Tag Archive | flowbits

Suricata 2.0.9 Available!

Photo by Eric Leblond

The OISF development team is pleased to announce Suricata 2.0.9. This release fixes a number of issues in the 2.0 series.

Couple of important fixes: defrag evasion, a crash when using certain rules (mixing regular content and relative bytejumps with dce option) and better detection of TCP retransmissions with different data.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.9.tar.gz

Changes

  • Bug#1558: stream: retransmission not detected (2.0.x)
  • Bug #1550: Segmentation Fault at detect-engine-content-inspection.c:438
  • Bug #1564: defrag: evasion issue
  • Bug #1431: stream: last_ack update issue leading to stream gaps (2.0.x)
  • Bug #1483: 2.0.x backport: Leading whitespace in flowbits variable names
  • Bug #1490: http_host payload validation erroring on uppercase PCRE metacharacters
  • Bug #1501: 2.0.x backport: Add HUP coverage to output json-log
  • Bug #1510: 2.0.x: address var parsing issue
  • Bug #1513: stream_size <= and >= modifiers function as < and > (equality is not functional) (2.0.x)
  • Update bundled libhtp to 0.5.18

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Jérémy Beaume
  • Erik Hjelmvik
  • Alessandro Guido
  • Alexandre Macabies
  • Darren Spruell
  • Jay MJ
  • Charles Smutz

Known issues & missing features

If you encounter issues, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.  See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support

Need help installing, updating, validating and tuning Suricata? We have a training coming up in Barcelona in November: see https://suricata-ids.org/training/

For support options also see https://suricata-ids.org/support/

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 1.4.4 released!

Photo by Eric LeblondThe OISF development team is pleased to announce Suricata 1.4.4. This is a small but important update over the 1.4.3 release, fixing some important bugs.

Get the new release here: suricata-1.4.4.tar.gz

Fixes

  • Bug #834: Unix socket – showing as compiled when it is not desired to do so
  • Bug #841: configure –enable-unix-socket does not err out if libs/pkgs are not present
  • Bug #846: FP on IP frag and sig using udp port 0, thanks to Rmkml
  • Bug #864: fix pass action not working correctly in all cases, thanks Kevin Branch
  • Bug #876: http connect tunnel crash fixed
  • Bug #877: Flowbit check with content doesn’t match consistently, thanks to Francis Trudeau

Special thanks

  • Rmkml
  • Francis Trudeau
  • Kevin Branch

Known issues & missing features

As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.