
SANS ISC: Snort and Snort 2.9 Beta Released SANS ISC InfoSec Forums

Snort and Snort 2.9 Beta Released

 New versions of Snort (Beta and Production) are both out. Release notes are here ==>

New features that I'm finding interesting in 2.9 (Beta):

  • A Data Acquisition API (DAQ) is introduced in this version
  • A byte extract option that bears some investigation - this allows extracted values from one rule to be used in subsequent rule options
  • Some welcome updates for IPv6
  • Support for Intel's QuickAssist for use in pattern matching. This is by far the most interesting feature in the bunch (to me at least) - support for hardware-based acceleration (on boxes that have this feature). QuickAssist uses FSB-attached FPGAs for this, so builds on previous FPGA work. Attaching the FPGAs to the server FSB overcomes previous limitations in FPGA I/O rates (talk about the sledgehammer approach!); this likely raises the maximum throughput for Snort considerably!
    More info on QuickAssist, and Snort's integration with it, can be found here ==>
    and here ==>

 If anyone has used the new QuickAssist feature and has formal or informal benchmarks, please feel free to comment!

=============== Rob VandenBrink, Metafore ===============

Rob VandenBrink

571 Posts
ISC Handler
Jul 29th 2010
