[Oisf-devel] Suricata 1.2rc1 Available!

rmkml rmkml at yahoo.fr
Wed Jan 11 23:27:29 UTC 2012


Hi Victor and all OISF team,
Happy New Year again and Congratulations for this new release!

Excuse me, but when I'm testing content with http_header on HTTP reply network traffic, Suricata v1.2rc1 does not fire... (without http_header, Suricata fires)

My very simple test rule:
  alert tcp any any -> any any (msg:"http reply found"; flow:to_client,established; content:"X-Powered-By"; http_header; classtype:attempted-user; sid:9313701; rev:1; )

Anyone confirm please?
Regards
Rmkml


On Wed, 11 Jan 2012, Victor Julien wrote:

> Suricata 1.2rc1 Available!
>
> The OISF development team is proud to announce Suricata 1.2rc1, the
> first (and hopefully only) release candidate for Suricata 1.2. It brings
> performance increases, file inspection and extraction improvements and
> much more!
>
> Get the new release here:
> http://www.openinfosecfoundation.org/download/suricata-1.2rc1.tar.gz
>
> The new release comes with a number of important improvements and fixes.
>
> New features
>
> - app-layer-events keyword: similar to the decoder-events and
> stream-events, this will allow matching on HTTP and SMTP events
> - auto detection of checksum offloading per interface (#311)
> - urilen options to match on raw or normalised URI (#341)
> - flow keyword option "only_stream" and "no_stream"
> - unixsock output options for all outputs except unified2 (PoC python
> script in the qa/ dir) (#250)
>
> Improvements
>
> - in IPS mode, reject rules now also drop (#399)
> - http_header now also inspects response headers (#389)
> - "worker" runmodes for NFQ and IPFW
> - performance improvement for "ac" pattern matcher
> - allow empty/non-initialized flowints to be incremented
>
> Under the hood
>
> - PCRE-JIT is now enabled by default if available (#356)
> - many file inspection and extraction improvements
> - flowbits and flowints are now modified in a post-match action list
> - general performance improvements
>
> Notable Fixes & Changes
>
> - fixed parsing really high sid numbers >2 Billion (#393)
> - fixed ICMPv6 not matching in IP-only sigs (#363)
>
> Known issues & missing features
>
> This is a "release candidate"-quality release so the stability should be
> good although unexpected corner cases might happen. If you encounter
> one, please let us know!
>
> As always, we are doing our best to make you aware of continuing
> development and items within the engine that are not yet complete or
> optimal.  With this in mind, please notice the list we have included of
> known items we are working on.
>
> See http://redmine.openinfosecfoundation.org/projects/suricata/issues
> for an up to date list and to report new issues. See
> http://redmine.openinfosecfoundation.org/projects/suricata/wiki/Known_issues
> for a discussion and time line for the major issues.
>
>
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
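The following is an added example, not code from this thread or from the Suricata project. It emulates, in a few lines of Python, what the rule above is meant to match: the http_header keyword restricts the content check to the normalised HTTP header block (status/request line dropped, body excluded), and flow:to_client restricts it to server responses. The header normalisation, the HttpMessage/Rule types and all sample messages are constructed assumptions that approximate the engine's buffers; the script lets a rule writer confirm what the signature should hit before attributing a non-match to the engine.

```python
"""Added example (not from the list post or the Suricata project): a small
emulation of an http_header content match with a flow direction check.
All messages below are constructed sample data; the header normalisation is an
approximation of Suricata's buffer, not its actual implementation."""
from dataclasses import dataclass
from typing import List


@dataclass
class HttpMessage:
    raw: bytes        # constructed wire bytes of one HTTP message (headers + body)
    to_client: bool   # True for a server response, i.e. flow:to_client


@dataclass
class Rule:
    content: bytes    # the content:"..." pattern
    http_header: bool # whether the pattern is restricted to the header buffer
    to_client: bool   # whether the rule carries flow:to_client


def header_buffer(raw: bytes) -> bytes:
    """Approximate the http_header buffer: every header line after the
    request/status line, normalised to 'Name: value' and joined by CRLF.
    The body is excluded, so a pattern that only occurs in the body cannot
    match with http_header even though it matches the raw payload."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]            # drop the request/status line
    normalised = []
    for line in lines:
        name, _colon, value = line.partition(b":")
        normalised.append(name.strip() + b": " + value.strip())
    return b"\r\n".join(normalised) + b"\r\n"


def rule_matches(rule: Rule, msg: HttpMessage) -> bool:
    """Direction check first (flow keyword), then the content check against
    either the normalised header buffer or the raw payload."""
    if rule.to_client != msg.to_client:
        return False
    haystack = header_buffer(msg.raw) if rule.http_header else msg.raw
    return rule.content in haystack


def evaluate_rule(rule: Rule, messages: List[HttpMessage]) -> List[bool]:
    """One verdict per message, in order."""
    return [rule_matches(rule, m) for m in messages]


# Constructed sample traffic (hypothetical hosts and values).
RESPONSE_WITH_HEADER = HttpMessage(
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"X-Powered-By :  PHP/5.3.8\r\n"          # odd spacing, normalised away
    b"Content-Type: text/html\r\n\r\n"
    b"<html></html>",
    to_client=True,
)
REQUEST = HttpMessage(
    b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    to_client=False,
)
RESPONSE_BODY_ONLY = HttpMessage(
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
    b"X-Powered-By: nothing, this is body text",
    to_client=True,
)
SAMPLE_MESSAGES = [RESPONSE_WITH_HEADER, REQUEST, RESPONSE_BODY_ONLY]

# The rule from the post, with and without the http_header restriction.
RULE_WITH_HTTP_HEADER = Rule(b"X-Powered-By", http_header=True, to_client=True)
RULE_RAW_PAYLOAD = Rule(b"X-Powered-By", http_header=False, to_client=True)


if __name__ == "__main__":
    print("http_header :", evaluate_rule(RULE_WITH_HTTP_HEADER, SAMPLE_MESSAGES))
    print("raw payload :", evaluate_rule(RULE_RAW_PAYLOAD, SAMPLE_MESSAGES))
```

The expected split is that both rule variants hit the first response, neither hits the client request, and only the raw-payload variant hits the response whose pattern sits in the body. If the real engine diverges from that on a capture (replayed with suricata -r), the difference is in how the response header buffer is populated, which is what the post is asking the list to confirm.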


