2007-11-20 - Snort 2.8.0.1 [*] Improvements * Updates to build with new versions of libPCRE. * Fix Stream5 debugging output to actually compile and have correct output for normal & IPv6 enabled builds. * Correct perfmonitor statistic calculation for pattern matcher percentage. 2007-09-20 - Snort 2.8.0 [*] New Additions * 1st Phase of IPv6. Added support for IP variables (ipvar) and improved support for IP list handling. Supported areas include Rules, Variables, and Stream5, HttpInspect, DCE/RPC preprocessors. See README.ipv6 for details. * Port Lists. Added and improved handling of lists of Ports, Port Ranges, and use of Port variables (portvar) within rules. Eliminates need to duplicate rules for different that are far apart, like HTTP ports 80 and 8080. See README.variables for details. * Packet Performance Monitoring. Provide capability within Snort to limit time spent inspecting individual packets as well as handle performance intensive rules. See README.ppm for details. * Experimental support for Target-Based Stream & IP Frag reassembly and rule processing. * Ability to control actions (pass, drop, alert, sdrop, etc) taken when a preprocessor or decoder event is triggered. Users can specify classifications and CVS/Bugtraq/etc reference information for those events. Preprocessor and decoder events are controlled through rules (similar format to regular Snort rules, only without the Protocol, IP & Port specifiers). * Basic support to detect TCP session hijacking based on changes to the MAC address. * Unified2 Output plugin. [*] Improvements * Ability to generate stats from all preprocessors at exit or upon receipt of USR1 signal. Fixed issues with packet counters from PCAP library (received/dropped) being inconsistent between versions of libpcap. * Cleanup memory at Snort exit from session & client configurations. * Improved detection of encrypted ftp sessions and reduction of false positives generated by ftptelnet preprocessor. * Improvements to SMTP preprocessor for better normalization, SMTP header processing and additional ports. * Update output to better handle printing 64bit values across many platforms. * Improved performance in the pattern match engines to avoid re-evaluating a rule when a pattern has already been seen earlier in the packet.