[Oisf-users] Suricata 4.1 released

Michał Purzyński michalpurzynski1 at gmail.com
Tue Nov 6 20:34:15 UTC 2018


Congratulations on the new release!

Already in ClearLinux.
https://github.com/clearlinux-pkgs/suricata

On Tue, Nov 6, 2018 at 5:54 AM Victor Julien <victor at inliniac.net> wrote:

> After a longer than intended release development cycle, the OISF
> development team is proud to present Suricata 4.1.
>
> Main new features are inclusion of the protocols SMBv1/2/3, NFSv4,
> Kerberos, FTP, DHCP, IKEv2. All of them have been implemented in Rust to
> ensure their introduction will not compromise the security and
> the stability of the complete system.
>
> Support for tracking and logging TLS 1.3 has been added, including JA3
> support.
>
> On the performance side, one of the main improvements is the availability of
> capture bypass for AF_PACKET implemented on top of the new eXpress Data
> Path capability of the Linux kernel. Windows users will benefit from the 4.1
> release with a new IPS mode based on WinDivert.
>
> All new protocols require Rust so Suricata 4.1 is not really 4.1 if you
> don't have Rust. This is why the build system is now enabling Rust by
> default if it is available on the build machine.
>
> This is the first release where Suricata-Update 1.0, the new Suricata
> rule updater, is bundled.
>
> Get the release here:
> https://www.openinfosecfoundation.org/download/suricata-4.1.0.tar.gz
>
>
> *Protocol updates*
>
> SMBv1/2/3 parsing, logging, file extraction
> TLS 1.3 parsing and logging (Mats Klepsland)
> JA3 TLS client fingerprinting (Mats Klepsland)
> TFTP: basic logging (Pascal Delalande and Clément Galland)
> FTP: file extraction
> Kerberos parser and logger (Pierre Chifflier)
> IKEv2 parser and logger (Pierre Chifflier)
> DHCP parser and logger
> Flow tracking for ICMPv4
> Initial NFS4 support
> HTTP: handle sessions that only have a response, or start with a response
> HTTP Flash file decompression support (Giuseppe Longo)
>
>
> *Output and logging*
>
> File extraction v2: deduplication; hash-based naming; json metadata and
> cleanup tooling
> Eve metadata: from rules (metadata keyword) and traffic (flowbits etc)
> Eve: new more compact DNS record format (Giuseppe Longo)
> Pcap directory mode: process all pcaps in a directory (Danny Browning)
> Compressed PCAP logging (Max Fillinger)
> Expanded XFF support (Maurizio Abba)
> Community Flow Id support (common ID between Suricata and Bro/Zeek)
>
>
> *Packet Capture*
>
> AF_PACKET XDP and eBPF support for high speed packet capture
> Windows IPS: WinDivert support (Jacob Masen-Smith)
> PF_RING: usability improvements
>
>
> *Misc*
>
> Windows: MinGW is now supported
> Detect: transformation keyword support
> Bundled Suricata-Update
> Per device multi-tenancy
>
>
> *Minor changes since 4.1rc2*
>
> Coverity fixes and annotations
> Update Suricata-Update to 1.0.0
>
>
> *Security*
>
> SMTP crash issue was fixed: CVE-2018-18956
> Robustness of defrag against FragmentSmack was improved
> Robustness of TCP reassembly against SegmentSmack was improved
>
>
> *Get paid to work on Suricata!*
>
> Enjoying the testing? Or want to help out with other parts of the
> project? We are looking for people, so reach out to us on info at oisf.net
> if you're interested.
>
>
> *Special thanks*
>
> Mats Klepsland, Pierre Chifflier, Giuseppe Longo, Ralph Broenink, Danny
> Browning, Maurizio Abba, Pascal Delalande, Wolfgang Hotwagner, Jason
> Taylor, Jesper Dangaard Brouer, Alexander Gozman, Konstantin Klinger,
> Max Fillinger, Antoine LUONG, David DIALLO, Jacob Masen-Smith, Martin
> Natano, Ruslan Usmanov, Alfredo Cardigliano, Antti Tönkyrä, Brandon
> Sterne, Chris Speidel, Clément Galland, Dana Helwig, Daniel Humphries,
> Elazar Broad, Gaurav Singh, Hilko Bengen, Nick Price, Philippe Antoine,
> Renato Botelho, Thomas Andrejak, Paulo Pacheco, Henning Perl, Kirill
> Shipulin, Christian Kreibich, Tilli Juha-Matti
>
>
> *Trainings*
>
> Check out the latest training offerings at
> https://suricata-ids.org/training/
>
>
> *SuriCon*
>
> SuriCon 2018 Vancouver is next week and it's still possible to join!
> https://suricon.net/
>
>
> *About Suricata*
>
> Suricata is a high performance Network Threat Detection, IDS, IPS and
> Network Security Monitoring engine. Open Source and owned by a community
> run non-profit foundation, the Open Information Security Foundation
> (OISF). Suricata is developed by OISF, its supporting vendors and the
> community.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
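The Community Flow ID listed above is the key that lets an analyst join a Suricata EVE record to the matching Zeek conn.log entry. The example below is added here and is not Suricata's or Zeek's own code: it implements the published Community ID v1 construction for TCP/UDP/SCTP flows and shows that both tools' views of one flow (the sample EVE and conn records are constructed) produce the same identifier as long as both use the same seed.

```python
import base64
import hashlib
import ipaddress
import struct

# Constructed sample: one flow as a Suricata eve.json record describes it
# (reduced to the fields the ID needs) and the same flow as Zeek's conn.log
# records it, with originator/responder in the reverse direction.
SURICATA_FLOW = {"src_ip": "10.0.0.5", "src_port": 51234,
                 "dest_ip": "192.0.2.10", "dest_port": 443, "proto": "TCP"}
ZEEK_CONN = {"id.orig_h": "192.0.2.10", "id.orig_p": 443,
             "id.resp_h": "10.0.0.5", "id.resp_p": 51234, "proto": "tcp"}

# IANA protocol numbers for the transport protocols handled here.
PROTO_NUMBERS = {"tcp": 6, "udp": 17, "sctp": 132}


def community_id_v1(saddr, sport, daddr, dport, proto, seed=0):
    """Community ID v1: "1:" + base64(sha1(seed|saddr|daddr|proto|0|sport|dport)).
    The endpoints are ordered so both directions of a flow hash identically."""
    sa = ipaddress.ip_address(saddr).packed
    da = ipaddress.ip_address(daddr).packed
    proto_num = PROTO_NUMBERS[proto.lower()]
    # Canonical ordering: the lower (address, port) pair goes first, so the
    # ID is independent of which side the sensor saw as the initiator.
    if (sa, sport) > (da, dport):
        sa, da, sport, dport = da, sa, dport, sport
    payload = (struct.pack("!H", seed) + sa + da
               + struct.pack("!BBHH", proto_num, 0, sport, dport))
    digest = hashlib.sha1(payload).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


def suricata_id(rec, seed=0):
    """ID for a flow as described by a Suricata EVE record."""
    return community_id_v1(rec["src_ip"], rec["src_port"],
                           rec["dest_ip"], rec["dest_port"], rec["proto"], seed)


def zeek_id(rec, seed=0):
    """ID for a flow as described by a Zeek conn.log record."""
    return community_id_v1(rec["id.orig_h"], rec["id.orig_p"],
                           rec["id.resp_h"], rec["id.resp_p"], rec["proto"], seed)


if __name__ == "__main__":
    print(suricata_id(SURICATA_FLOW), zeek_id(ZEEK_CONN))
```

If the two sensors are configured with different seeds the IDs will not match, so the seed is part of the correlation contract, not a tuning knob.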