- enable dynamicplugin / dynamic preprocessors.
- install documentation.
- fix instructions.
- USE_LIBTOOL.
update from nikns <nikns@secure.lv> with a few changes;
feedback and ok msf@
--
This update contains a ton of fixes and features. Included is a small bit
from the ChangeLog:
* corrected big endian rpc decoding
* stop stream4 from clobbering itself
* fixed file rotation bug in spo_unified
* massive speed patch for multiple CIDR blocks
* corrected ICMP printing
* added a ton of new signatures
From ChangeLog:
- Fixed crash in frag2 under Linux
- Fixed flexresp code, session sniping should work again and be
faster to boot
- Fixed ICMP decoder and printout routines for new ICMP header
data structs in decode.h
- Added -B command line switch to translate IP addresses in pcap
files from one subnet to another (see the man page).
- Added spo_log_null to give users an option to deactivate logging
output from the snort.conf file.
is moved over.
New to 1.8.1
* SNMP Alerts
* IDMEF XML output
* Limited wildcard regex support
* New normalization mode for http_decode
* many bug fixes
From Changelog:
* added new IP defragmenter, spp_frag2
* added new stateful inspection/tcp stream reassembly plugin, spp_stream4
* Snort can now statefully detect ECN traffic (less false alarms)
* stream4 can now keep session statistics in a "session.log" file
* added new high-speed unified binary output system, spo_unified
* added new data structs/management for tag code
* added -k switch to tune checksum verification behavior
* added -z switch to provide stateful verification of alerts
* modified bahavior of http_decode, now only alerts once per packet
* added unique Snort ID's to every Snort rule, plus generator, revision
and event ID info to each alert
* detection engine only alerts once per packet now, tcp stream code doesn't
generate another alert packet if a previous one already alerted for that
stream
* fixed signal handling on svr4 systems
* added enhanced cross reference printout to full/fast/syslog alert modes
* added new high speed checksum verification (on x86) routines
* added new ARP spoof detection preprocessor from Jeff
Nathan <jeff@wwti.com>
