Tuesday, April 26, 2005

Snort Developments

I have a few news items from the Snort world. First, Snort 2.3.3 was released. This should not have any news rules, as it's not Snort 2.4.0 or Snort 3.0.0. Snort 2.3.3 does feature a so-called "mini-preprocessor" to watch for attacks exploiting Vulnerability in Exchange Server Allows Remote Code Execution (MS05-021). Code to allegedly test for the vulnerability is here, so you might want to try testing Snort 2.3.3 with it.

Second, the Open Source Snort Rules Consortium ossrc-intro mailing list is operational. Currently the lead thread is asking for comments on the latest OSSRC Charter, dated 22 March 2005. This is the same document I previously examined.

No comments: