Luis Daniel Lucio Quiroz submitted a patch for Snort 2.8.6. I have not tested these, they are (as all submissions) posted as received.
CVS and FTP have been updated with the new Snortsam version, now at version 2.69. Hope everyone had a great Thanksgiving.
Olli also did some clean-up on the older PF plugin. Table names and now fixed. The code may no longer work on OpenBSD older than 3.3, but should work without problems on all newer versions. Thanks Olli!
I also brought the plugin version numbers listed on startup of Snortsam in sync with the respective versions of the plugin in CVS.
CVS and FTP have been updated with the new Snortsam version, now at version 2.68.
I don't think there will be many new features in Snortsam v2 in the near future. In my spare time, I'm working on the next step in the evolution of distributed blocking, and it will blow Snortsam right out of the water. You will hear about it when it is ready for release. But in the meantime, Snortsam is still seeing use, and there are many new folks that are discovering it just now. So, I'll do my best to maintain it.
If you haven't updated Snortsam lately, you should. The current version is 2.60 which contains several bugfixes.
2010-04-26:
Olli Hauer submitted an updated patch for Snort 2.8.5.3.
2009-11-26:
Olli Hauer submitted some tweaks to the PF2 plugin, and some clean-up to other code. In addition, a new version of makesnortsam.sh has been created that makes it easier to modify things (like adding a custom source file). Great work Olli!
2009-11-08:
Olli Hauer submitted a new version of the PF2 plugin. It now supports the tear-down and disconnect of existing sessions. In the past, Snortsam added the IP to groups for block action, but that only blocked new connections. Existing sessions (for example, brute-force attacks) remained open. Now the session can be killed. Please read the README.pf2 documentation included in the FTP and CVS docs directory and in the source tarball.
2009-10-16:
Good news allround:
New Windows binaries have been compiled, and CVS and source tar ball have been updated to version 2.66.
2009-10-09:
Reports have come in that Luis' Snort 2.8.5 patch contained an error. A fixed version has now been uploaded. Please test it and report result.
2009-09-23:
Luis Daniel Lucio Quiroz submitted a patch for Snort 2.8.5 that adds the Snortsam plugin. It has been uploaded to the web and FTP site.
2009-09-19:
Snortsam version 2.63 is available in CVS and FTP. This update adds missing ifdefs around two POSIX mutexes for Windows so that Snortsam can once again be compiled under Windows. Also included is a fix that addresses crashes on connection resets when using persistent TCP connections. Those who use persistent TCP connections are encouraged to upgrade.
2009-09-15:
Snortsam version 2.61 has just been committed to CVS and FTP. It adds the config option dontunblock. In the past, dontblock only affected blocks and all unblock requests where accepted unfiltered. dontunblock allows now for selective ignoring of unblock requests. Also included is a crude fix that prevents the forwarded plugin from forwarding a request back to the IP address where it received the request.
2009-09-02:
Greetings! Frank here. I have decided to take the Snortsam web site back over. I would like to thank Matt Jonkman and other Emerging Threats members for keeping the web site running during a period where I just didn't have the time to maintain it. Not that I have more time now, but I'd like to take another stab at maintaining Snortsam. Even though it is 8 years old now, I do still feel a certain attachment to it.
Older bulletins/Changelog entries are also available.
© Copyright 2001-2010 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc.