[Oisf-users] Call for testing: Suricata 4.1rc2 released

Mats Klepsland mats.klepsland at gmail.com
Thu Oct 18 19:19:06 UTC 2018


Hi.

Thanks for testing the new RC and for reporting this!

This bug is probably related to the TLS 1.3 support that was added in
4.1rc2. I think I've found the bug, but it would be useful to confirm
that I'm right.

Any chance that you could reproduce the error, capture a PCAP file, and
send it to me in an email off list? That would really help :)

Thanks again!

Kind regards,

Mats Klepsland


On Thu, Oct 18, 2018 at 6:29 PM F.Tremblay <fcourrier at gmail.com> wrote:

> Hello,
>
> From RC1 to RC2 the JA3 hashing changed. Take a simple Firefox: the JA3
> hash changed from RC1 to RC2 while the application hasn't. Very easy to
> reproduce.
>
> So it's either Suricata doesn't extract the info from the strings like the
> Salesforce method, or the TLS engine manipulates the JA3 strings, like a
> proxy, or a simple bug where not all the strings are taken into account.
>
> The protocol hasn't changed, still TLS 1.2 (771).
>
> Cheers.
>
> F.
>
> On Tue, Oct 16, 2018 at 7:49 AM Victor Julien <victor at inliniac.net> wrote:
>
>> Suricata 4.1rc2 is ready for testing. We're hoping that this will be the
>> final release candidate so that 4.1 can be released just before Suricon
>> next month.
>>
>> Main new features are inclusion of the protocols SMBv1/2/3, NFSv4,
>> Kerberos, FTP, DHCP, IKEv2, as well as improvements on Linux capture side
>> via AF_PACKET XDP support and on Windows IPS side via WinDivert. The
>> growth of Rust usage inside Suricata continues as most of the new
>> protocols have been implemented in Rust.
>>
>> The most important change going from RC1 to RC2 is that we have enabled
>> Rust support by default. If Rust is installed, it will be used.
>>
>> Get the release here:
>> https://www.openinfosecfoundation.org/download/suricata-4.1.0-rc2.tar.gz
>>
>>
>> *Protocol updates*
>>
>> SMBv1/2/3 parsing, logging, file extraction
>> TLS 1.3 parsing and logging (Mats Klepsland)
>> JA3 TLS client fingerprinting (Mats Klepsland)
>> TFTP: basic logging (Pascal Delalande and Clément Galland)
>> FTP: file extraction
>> Kerberos parser and logger (Pierre Chifflier)
>> IKEv2 parser and logger (Pierre Chifflier)
>> DHCP parser and logger
>> Flow tracking for ICMPv4
>> Initial NFS4 support
>> HTTP: handle sessions that only have a response, or start with a response
>> HTTP Flash file decompression support (Giuseppe Longo)
>>
>>
>> *Output and logging*
>>
>> File extraction v2: deduplication; hash-based naming; json metadata and
>> cleanup tooling
>> Eve metadata: from rules (metadata keyword) and traffic (flowbits etc)
>> Eve: new more compact DNS record format (Giuseppe Longo)
>> Pcap directory mode: process all pcaps in a directory (Danny Browning)
>> Compressed PCAP logging (Max Fillinger)
>> Expanded XFF support (Maurizio Abba)
>> Community Flow Id support (common ID between Suricata and Bro/Zeek)
>>
>>
>> *Packet Capture*
>>
>> AF_PACKET XDP and eBPF support for high speed packet capture
>> Windows IPS: WinDivert support (Jacob Masen-Smith)
>>
>>
>> *Misc*
>>
>> Windows: MinGW is now supported
>> Detect: transformation keyword support
>> Bundled Suricata-Update
>> Per device multi-tenancy
>>
>>
>> *Major changes since 4.1rc1*
>>
>> Rust support is enabled by default
>> Community Flow Id support (common ID between Suricata and Bro/Zeek)
>> Updates and fixes for dealing with SegmentSmack/FragmentSmack
>> Update Suricata-Update to 1.0.0rc2
>>
>>
>> *Get paid to work on Suricata!*
>>
>> Enjoying the testing? Or want to help out with other parts of the project?
>> We are looking for people, so reach out to us if you're interested.
>>
>>
>> *Special thanks*
>>
>> Mats Klepsland, Jason Taylor, Maurizio Abba, Konstantin Klinger,
>> Giuseppe Longo, Danny Browning, Hilko Bengen, Jacob Masen-Smith, Pascal
>> Delalande, Travis Green, Christian Kreibich
>>
>>
>> *Trainings*
>>
>> Check out the latest training offerings at
>> https://suricata-ids.org/training/
>>
>>
>> *SuriCon*
>>
>> SuriCon 2018 Vancouver next month, you can still join!
>> https://suricon.net/agenda-vancouver/
>>
>>
>> *About Suricata*
>>
>> Suricata is a high performance Network Threat Detection, IDS, IPS and
>> Network Security Monitoring engine. Open Source and owned by a community
>> run non-profit foundation, the Open Information Security Foundation
>> (OISF). Suricata is developed by the OISF, its supporting vendors and
>> the community.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>> Conference: https://suricon.net
>> Trainings: https://suricata-ids.org/training/
>
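As an added example (not code from this thread or from Suricata), the Python below builds a JA3 string the way the Salesforce specification defines it, decimal fields for version, ciphers, extension types, supported groups and point formats, GREASE values dropped, and MD5-hashes it, from a constructed ClientHello rather than captured traffic. It also shows why the reporter sees 771 for both builds: a TLS 1.3 client's hello still carries 771 (0x0303) as its legacy version and signals 1.3 only through the supported_versions extension (type 43), so the two constructed hellos differ in the extension list and cipher list, not in the version field.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are dropped from JA3 strings by the specification.
GREASE = {0x0a0a + 0x1010 * i for i in range(16)}
def u16(buf, off):
    return struct.unpack_from("!H", buf, off)[0]
def parse_client_hello(record):
    """Return the JA3 fields of a ClientHello: version, ciphers, extension types, groups, point formats."""
    # TLS record header: type(1) version(2) length(2); handshake header: type(1) length(3).
    assert record[0] == 0x16 and record[5] == 0x01, "not a ClientHello record"
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    version = u16(hello, 0)             # legacy_version: 771 (0x0303) for TLS 1.2 and TLS 1.3 clients
    off = 2 + 32                        # skip random
    off += 1 + hello[off]               # skip session_id
    n = u16(hello, off); off += 2
    ciphers = [u16(hello, off + i) for i in range(0, n, 2)]; off += n
    off += 1 + hello[off]               # skip compression methods
    ext_types, curves, points = [], [], []
    if off < len(hello):                # the extensions block is optional
        end = off + 2 + u16(hello, off); off += 2
        while off < end:
            etype, elen = u16(hello, off), u16(hello, off + 2)
            data = hello[off + 4:off + 4 + elen]
            ext_types.append(etype)
            if etype == 10:             # supported_groups: u16 list length, u16 values
                curves = [u16(data, i) for i in range(2, 2 + u16(data, 0), 2)]
            elif etype == 11:           # ec_point_formats: u8 list length, u8 values
                points = list(data[1:1 + data[0]])
            off += 4 + elen
    return version, ciphers, ext_types, curves, points
def ja3(record):
    """JA3 string (fields comma-separated, values dash-separated, decimal) and its MD5 hash."""
    version, *lists = parse_client_hello(record)
    dash = lambda vals: "-".join(str(v) for v in vals if v not in GREASE)
    s = ",".join([str(version)] + [dash(v) for v in lists])
    return s, hashlib.md5(s.encode()).hexdigest()
def build_client_hello(ciphers, extensions):
    """Constructed ClientHello record for the demo (not captured traffic)."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version 771, zero random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00" + struct.pack("!H", len(ext)) + ext  # null compression, then extensions
    return b"\x16\x03\x01" + struct.pack("!H", len(body) + 4) + b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed hellos: the second adds a TLS 1.3 suite and supported_versions (43); legacy_version stays 771.
BASE_EXTS = [(10, b"\x00\x04\x00\x1d\x00\x17"), (11, b"\x01\x00"), (0x0a0a, b"")]  # 0x0a0a is GREASE
TLS12_HELLO = build_client_hello([0xc02b, 0xc02f, 0x0a0a], BASE_EXTS)
TLS13_HELLO = build_client_hello([0x1301, 0xc02b, 0xc02f], BASE_EXTS + [(43, b"\x02\x03\x04")])
```

Comparing `ja3(TLS12_HELLO)` with `ja3(TLS13_HELLO)` gives different hashes although both strings start with 771, which is the kind of difference a parser that misses or mishandles an extension would produce.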