
SANS ISC: Snort 2.8.6.1 and Snort 2.9 Beta Released - Internet Security | DShield SANS ISC InfoSec Forums


Snort 2.8.6.1 and Snort 2.9 Beta Released

New versions of Snort (Beta and Production) are both out. Release notes are here ==> http://www.snort.org/news/2010/07/28/snort-2-8-6-1-and-snort-2-9-beta-released/

New features that I'm finding interesting in 2.9 (Beta):

  • A Data Acquisition API (DAQ) is introduced in this version
  • A byte extract option that bears some investigation - this allows extracted values from one rule to be used in subsequent rule options
  • Some welcome updates for IPv6
  • Support for Intel's QuickAssist for use in pattern matching. This is by far the most interesting feature in the bunch (to me at least) - support for hardware-based acceleration (on boxes that have this feature). QuickAssist uses FSB-attached FPGAs for this, so it builds on previous FPGA work. Attaching the FPGAs to the server FSB overcomes previous limitations in FPGA I/O rates (talk about the sledgehammer approach!), and this likely raises the maximum throughput for Snort considerably!
    More info on QuickAssist, and Snort's integration with it, can be found here ==> http://www.intel.com/technology/platforms/quickassist/
    and here ==> http://download.intel.com/embedded/applications/networksecurity/324029.pdf

If anyone has used the new QuickAssist feature and has formal or informal benchmarks, please feel free to comment!

=============== Rob VandenBrink, Metafore ===============
