Luis Daniel Lucio Quiroz submitted a patch for Snort 2.8.6. I have not tested these; they are (as all submissions) posted as received.
CVS and FTP have been updated with the new Snortsam version, now at version 2.69. Hope everyone had a great Thanksgiving.
Olli also did some clean-up on the older PF plugin. Table names are now fixed. The code may no longer work on OpenBSD older than 3.3, but should work without problems on all newer versions. Thanks Olli!
I also brought the plugin version numbers listed on startup of Snortsam in sync with the respective versions of the plugin in CVS.
CVS and FTP have been updated with the new Snortsam version, now at version 2.68.
I don't think there will be many new features in Snortsam v2 in the near future. In my spare time, I'm working on the next step in the evolution of distributed blocking, and it will blow Snortsam right out of the water. You will hear about it when it is ready for release. But in the meantime, Snortsam is still seeing use, and there are many new folks that are discovering it just now. So, I'll do my best to maintain it.
If you haven't updated Snortsam lately, you should. The current version is 2.60 which contains several bugfixes.
2013-10-29:
Darryl Sokoloski and Bryan Waters independently provided a patch for Snort 2.9.5.3. Download Darryl's version or Bryan's version. Both do the same thing, but patch application may slightly differ. If you have problems with one, try the other. They have been added to the download section.
2012-04-20:
Michael Scheidell provided a patch for Snort 2.9.2.2. It has been added to the download section.
2011-12-13:
Michael Scheidell provided a patch for Snort 2.9.1.2. It has been added to the download section.
2011-02-20:
Chris Fensch reported a bug (missing NULL assignment in clearhistory) that could cause memory corruption and crashes while reloading the state file. This was observed on 64-bit systems, but should also affect 32-bit systems, although it was not observed there. Snortsam has been patched, bringing it to version 2.70. A new source tarball has been uploaded. Thanks Chris!
2011-02-05:
Robert Zelaya submitted a patch to Snort 2.9. It has been added to the download section.
2010-04-26:
Olli Hauer submitted an updated patch for Snort 2.8.5.3.
2009-11-26:
Olli Hauer submitted some tweaks to the PF2 plugin, and some clean-up to other code. In addition, a new version of makesnortsam.sh has been created that makes it easier to modify things (like adding a custom source file). Great work Olli!
2009-11-08:
Olli Hauer submitted a new version of the PF2 plugin. It now supports the tear-down and disconnect of existing sessions. In the past, Snortsam added the IP to groups for block action, but that only blocked new connections. Existing sessions (for example, brute-force attacks) remained open. Now the session can be killed. Please read the README.pf2 documentation included in the FTP and CVS docs directory and in the source tarball.
2009-10-16:
Good news all round:
New Windows binaries have been compiled, and CVS and source tarball have been updated to version 2.66.
2009-10-09:
Reports have come in that Luis' Snort 2.8.5 patch contained an error. A fixed version has now been uploaded. Please test it and report results.
2009-09-23:
Luis Daniel Lucio Quiroz submitted a patch for Snort 2.8.5 that adds the Snortsam plugin. It has been uploaded to the web and FTP site.
2009-09-19:
Snortsam version 2.63 is available in CVS and FTP. This update adds missing ifdefs around two POSIX mutexes for Windows so that Snortsam can once again be compiled under Windows. Also included is a fix that addresses crashes on connection resets when using persistent TCP connections. Those who use persistent TCP connections are encouraged to upgrade.
2009-09-15:
Snortsam version 2.61 has just been committed to CVS and FTP. It adds the config option dontunblock. In the past, dontblock only affected blocks and all unblock requests were accepted unfiltered. dontunblock now allows for selective ignoring of unblock requests. Also included is a crude fix that prevents the forwarded plugin from forwarding a request back to the IP address where it received the request.
2009-09-02:
Greetings! Frank here. I have decided to take the Snortsam web site back over. I would like to thank Matt Jonkman and other Emerging Threats members for keeping the web site running during a period where I just didn't have the time to maintain it. Not that I have more time now, but I'd like to take another stab at maintaining Snortsam. Even though it is 8 years old now, I do still feel a certain attachment to it.
Even older bulletins/Changelog entries are also still available. (ahhh, the memories...)
© Copyright 2001-2018 Frank Knobbe. All rights reserved.
Snort and Sourcefire are registered trademarks of Sourcefire, Inc, now Cisco.