News

Posted about 9 years ago by [email protected] (Victor Julien)
The OISF development team is proud to announce Suricata 2.1beta4. This is the fourth beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta4.tar.gz

New Features
Feature #1448: xbits support
Feature #336: Add support for NETMAP to Suricata
Feature #885: smtp file_data support
Feature #1394: Improve TCP reuse support
Feature #1445: Suricata does not work on pfSense/FreeBSD interfaces using PPPoE
Feature #1447: Ability to reject ICMP traffic
Feature #1410: add alerts to EVE’s drop logs

Improvements
Optimization #1014: app layer reassembly fast-path
Optimization #1377: flow manager: reduce (try)locking
Optimization #1403: autofp packet pool performance problems
Optimization #1409: http pipeline support for stateful detection
Bug #1314: http-events performance issues

Bugs
Bug #1340: null ptr dereference in Suricata v2.1beta2
Bug #1352: file list is not cleaned up
Bug #1358: Gradual memory leak using reload (kill -USR2 $pid)
Bug #1366: Crash if default_packet_size is below 32 bytes
Bug #1378: stats api doesn’t call thread deinit funcs
Bug #1384: tcp midstream window issue (master)
Bug #1388: pcap-file hangs on systems w/o atomics support (master)
Bug #1392: http uri parsing issue (master)
Bug #1393: CentOS 5.11 build failures
Bug #1398: DCERPC traffic parsing issue (master)
Bug #1401: inverted matching on incomplete session
Bug #1402: When re-opening files on HUP (rotation) always use the append flag.
Bug #1417: no rules loaded – latest git – rev e250040
Bug #1425: dead lock in de_state vs flowints/flowvars
Bug #1426: Files prematurely truncated by detection engine even though force-md5 is enabled
Bug #1429: stream: last_ack update issue leading to stream gaps
Bug #1435: EVE-Log alert payload option loses data
Bug #1441: Local timestamps in json events
Bug #1446: Unit ID check in Modbus packet error
Bug #1449: smtp parsing issue
Bug #1451: Fix list-keywords regressions
Bug #1463: modbus parsing issue

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Kostya Kortchinsky of the Google Security Team
the Yahoo Pentest Team
Giuseppe Longo
Alexander Gozman
Ken Steele
Andreas Moe
David Diallo
David Cannings
David Maciejak
Pierre Chifflier
Tom DeCanio
Zachary Rasmor
Aleksey Katargin
FireEye
ANSSI
Emerging Threats
AFL project
Coverity Scan
Travis Green
Darien Huss
Greg Siemon
Alessandro Guido
Antti Tönkyrä
Ray Ruvinskiy
Eduardo Arada
Michael Rash

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support
Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see http://suricata-ids.org/training/
For support options also see http://suricata-ids.org/support/

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted about 9 years ago by [email protected] (Victor Julien)
The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of important issues in the 2.0 series.

The most important issue is a bug in the DER parser, which is used to decode SSL/TLS certificates, that could crash Suricata. This issue was reported by Kostya Kortchinsky of the Google Security Team and was fixed by Pierre Chifflier of ANSSI.

Those processing large numbers of (untrusted) pcap files need to update as a malformed pcap could crash Suricata. Again, credits go to Kostya Kortchinsky.

A number of other issues were fixed. Upgrading is highly recommended.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz
We have a new release key (the previous expired): http://www.openinfosecfoundation.org/download/OISF.pub (00C1B70D)

Changes
Bug #1450: tls parsing issue
Bug #1460: pcap parsing issue
Bug #1461: potential deadlock
Bug #1404: Alert-Debuglog not being rotated on SIGHUP
Bug #1420: inverted matching on incomplete session
Bug #1462: various issues in rule and yaml parsing

Security
The TLS/DER parsing issue has CVE-2015-0971 assigned to it.

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Kostya Kortchinsky of the Google Security Team
Pierre Chifflier of ANSSI
Sundar Jeyaraman of FireEye
Darien Huss — Emerging Threats
Alexander Gozman
AFL project
Coverity Scan

Known issues & missing features
If you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

Training & Support
Need help installing, updating, validating and tuning Suricata? We have trainings coming up. Paris in July, Barcelona in November: see http://suricata-ids.org/training/
For support options also see http://suricata-ids.org/support/

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted about 9 years ago by [email protected] (Victor Julien)
The Open Information Security Foundation (OISF) is conducting its annual online elections to fill 7 positions on the OISF board of directors. Board members serve a two year term, therefore, current board members along with new nominees are included on this year's ballot. The upcoming OISF board will consist of 10 board members in total: 7 elected directors, President of OISF, Matt Jonkman, General Manager of OISF, Kelley Misata, and Suricata's Founder and Lead Developer, Victor Julien.

Each nominee has provided a brief summary highlighting their industry experience and their passion for OISF; please take a minute to read about each of our distinguished nominees and to cast your votes NOW! Simply follow this link: https://www.surveymonkey.com/s/Z2L6GXZ

Polls will close Wednesday, April 15, 2015 with the new OISF Board announced on Thursday, April 16, 2015. Best of luck and thanks goes out to all of our nominees! Questions regarding elections can be sent to [email protected].

Thank you,
The OISF Team
Posted about 9 years ago by [email protected] (Victor Julien)
The Open Information Security Foundation is preparing to hold the biennial (every two years) Board of Director elections and is putting out a call for nominations. We are anticipating the next several years to be both exciting and critical for OISF and Suricata, therefore, we are looking for candidates passionate about security and open source communities willing to serve as advisors on our board of directors. Your voice has a direct impact on the future of OISF and Suricata - join us!

The call for nominations begins today until March 31, 2015. Online elections will begin April 1, 2015. Please consider joining our Board of Directors or nominating someone else who would be a great asset. To help you decide, below are some answers to some common questions:

1. As an OISF board member what will I be asked to do?

Meetings: The OISF Board of Directors meets quarterly to review foundation activities, upcoming events, financial status and strategic objectives. Meetings are held via conference call and pre-scheduled to respect the busy schedules of our board members. Additionally, we host annual OISF User Conferences in locations around the world with our objectives of building Suricata's development roadmap, showing appreciation for OISF's consortium members, and growing the community. We would hope that board members make every effort to attend this important event. Our 2015 OISF User Conference is currently being planned for early November in Barcelona, Spain.

Advocacy: Board members will be asked to actively promote OISF, Suricata, and our events throughout the year. OISF and Suricata exist because of the commitment of our community and we look to our board members to actively help us grow our presence in the world.

Expert Advice: Board members are expected to actively provide expertise, advice and professional connections necessary to help OISF make great strides both technologically and in growing the community.

2. How large is the OISF board?

The current OISF board consists of 6 members from the community - led by Matt Jonkman, Kelley Misata, and Victor Julien of OISF. We will be expanding our board to 7 members serving for a 2 year term.

3. What is in it for me if I become an OISF board member?

As a board member you will have the opportunity to steer an innovative and cutting edge open source technology, to be an integral part of the decision making process for OISF and have a beneficiary priority status in all OISF and Suricata related public or private events. Board members will be publicly acknowledged in OISF or Suricata related events and added to the OISF website spotlighting their professional bios. Depending on OISF's financial capacity we are hoping to offer board members partial travel reimbursement to attend the annual OISF User Conferences - this is not guaranteed, but something we are hoping to be able to offer our board members.

4. I'm interested in nominating myself or someone I know - how do I do it?

It's simple - submit your name, name of your employer and a brief statement outlining your experience and reasons for running to be on the OISF board to [email protected] by 5 pm EST Tuesday, March 31, 2015. Please note, the information provided in the nomination will be included on the PUBLIC election ballots so please be brief.

Elections will begin Wednesday, April 1st and conclude on Wednesday, April 15th. The OISF Board Members will then be announced on Thursday, April 16th.

If you have any questions please do not hesitate to reach out to us directly at [email protected] OR reply to the list to start a conversation with the community about this process.

Thank you,
The OISF Team
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF development team is pleased to announce Suricata 2.0.7. This release fixes a number of important issues in the 2.0 series.

Two major issues. The first was brought to our attention by the Yahoo Pentest Team. It’s a parsing issue in the DCERPC parser that can happen when Suricata runs out of memory. The exact scope of the problem isn’t clear, but it could certainly lead to crashes. RCE might theoretically be possible but looks like it’s very hard.

The second issue was reported by Darien Huss of Emerging Threats. This is technically a libhtp issue, but it affects Suricata detection and logging. Certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for ‘http_uri’ and to incomplete logging of the URI. Libhtp 0.5.17 has been released to address this and is bundled in 2.0.7.

Other than that a bunch of improvements and fixes. It should work again on CentOS 5. Midstream TCP was improved and some performance optimizations for HTTP proxy traffic were made.

Upgrading is highly recommended.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.7.tar.gz

Changes
Bug #1385: DCERPC traffic parsing issue
Bug #1391: http uri parsing issue
Bug #1383: tcp midstream window issue
Bug #1318: A thread-sync issue in streamTCP
Bug #1375: Regressions in list keywords option
Bug #1387: pcap-file hangs on systems w/o atomics support
Bug #1395: dump-counters unix socket command failure
Optimization #1376: file list is not cleaned up

Security
The DCERPC parsing issue has CVE-2015-0928 assigned to it.

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
The Yahoo Pentest Team
Darien Huss — Emerging Threats
FireEye
Dennis Lee

Known issues & missing features
If you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF development team is proud to announce Suricata 2.1beta3. This is the third beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta3.tar.gz

New Features
Feature #1309: Lua support for Stats output
Feature #1310: Modbus parsing and matching

Improvements
Optimization #1339: flow timeout optimization
Optimization #1371: mpm optimization
Feature #1317: Lua: Indicator for end of flow
Feature #1333: unix-socket: allow (easier) non-root usage
Feature #1261: Request for Additional Lua Capabilities

Bugs
Bug #977: WARNING on empty rules file is fatal (should not be)
Bug #1184: pfring: cppcheck warnings
Bug #1321: Flow memuse bookkeeping error
Bug #1327: pcre pkt/flowvar capture broken for non-relative matches (master)
Bug #1332: cppcheck: ioctl
Bug #1336: modbus: CID 1257762: Logically dead code (DEADCODE)
Bug #1351: output-json: duplicate logging (2.1.x)
Bug #1354: coredumps on quitting on OpenBSD
Bug #1355: Bus error when reading pcap-file on OpenBSD
Bug #1363: Suricata does not compile on OS X/Clang due to redefinition of string functions (2.1.x)
Bug #1365: evasion issues (2.1.x)

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Ken Steele — Tilera/EZchip
David Diallo
Duarte Silva
Giuseppe Longo
Jason Ish
Travis Green — Emerging Threats

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF development team is pleased to announce Suricata 2.0.6. This release fixes a number of important issues in the 2.0 series. The most important part is the fixing of evasion issues, therefore upgrading is highly recommended!

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.6.tar.gz

Changes
Bug #1364: evasion issues
Bug #1337: output-json: duplicate logging
Bug #1325: tls detection leads to tcp stream reassembly sequence gaps (IPS)
Bug #1192: Suricata does not compile on OS X/Clang due to redefinition of string functions
Bug #1183: pcap: cppcheck warning

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Martin Küchler

Known issues & missing features
If you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF development team is pleased to announce Suricata 2.0.5. This release fixes a number of important issues in the 2.0 series.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0.5.tar.gz

Changes
Bug #1190: http_header keyword not matching when SYN|ACK and ACK missing
Bug #1246: EVE output Unix domain socket not working
Bug #1272: Segfault in libhtp 0.5.15
Bug #1298: Filestore keyword parsing issue
Bug #1303: improve stream ‘bad window update’ detection
Bug #1304: improve stream handling of bad SACK values
Bug #1305: fix tcp session reuse for ssh/ssl sessions
Bug #1307: byte_extract, within combination not working
Bug #1326: pcre pkt/flowvar capture broken for non-relative matches
Bug #1329: Invalid rule being processed and loaded
Bug #1330: Flow memuse bookkeeping error (2.0.x)

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Jason Ish — Endace/Emulex
Ken Steele — Tilera
lessyv
Tom DeCanio — FireEye
Andreas Herz
Matt Carothers
Duane Howard
Edward Fjellskål
Giuseppe Longo

Known issues & missing features
If you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF development team is proud to announce Suricata 2.1beta2. This is the second beta release for the upcoming 2.1 version. It should be considered a development snapshot for the 2.1 branch.

Download
Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.1beta2.tar.gz

New Features
Feature #549: Extract file attachments from emails
Feature #1312: Lua output support
Feature #899: MPLS over Ethernet support
Feature #383: Stream logging

Improvements
Feature #1263: Lua: Access to Stream Payloads
Feature #1264: Lua: access to TCP quad / Flow Tuple
Feature #707: ip reputation files – network range inclusion availability (cidr)

Bugs
Bug #1048: PF_RING/DNA config – suricata.yaml
Bug #1230: byte_extract, within combination not working
Bug #1257: Flow switch is missing from the eve-log section in suricata.yaml
Bug #1259: AF_PACKET IPS is broken in 2.1beta1
Bug #1260: flow logging at shutdown broken
Bug #1279: BUG: NULL pointer dereference when suricata was debug mode.
Bug #1280: BUG: IPv6 address vars issue
Bug #1285: Lua – http.request_line not working (2.1)
Bug #1287: Lua Output has dependency on eve-log:http
Bug #1288: Filestore keyword in wrong place will cause entire rule not to trigger
Bug #1294: Configure doesn’t use –with-libpcap-libraries when testing PF_RING library
Bug #1301: suricata yaml – PF_RING load balance per hash option
Bug #1308: http_header keyword not matching when SYN|ACK and ACK missing (master)
Bug #1311: EVE output Unix domain socket not working (2.1)

Special thanks
We’d like to thank the following people and corporations for their contributions and feedback:
Tom Decanio — FireEye
Ken Steele — Tilera
Giuseppe Longo — Emerging Threats & Ntop
David Abarbanel — BAE Systems
Jason Ish — Endace/Emulex
Mats Klepsland
Duarte Silva
Bill Meeks
Anoop Saldanha
lessyv

Known issues & missing features
In a beta release like this things may not be as polished yet. So please handle with care. That said, if you encounter issues, please let us know!
As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal. With this in mind, please notice the list we have included of known items we are working on. See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.
Posted over 9 years ago by [email protected] (Victor Julien)
The OISF team is proud to announce the start of the Suricata training program. In this program, we’ll be delivering 1 and 2 day user trainings for Suricata.

Some of the topics that will be covered over the course of the 2 days include:
Compiling, Installing, and Configuring Suricata
Performance Factors, Rules and Rulesets
Capture Methods and Performance
Event / Data Outputs and Capture Hardware
Troubleshooting Common Problems
Advanced Tuning
Integration with Other Tools

This dynamic, hands-on, 2 day Suricata training will be delivered by the OISF development and support team. So apart from the great content on how to install, use and troubleshoot Suricata, you will also have the great opportunity to talk in-depth about Suricata with its creators.

Proceeds of the trainings go straight into supporting Suricata’s development, so not only will you learn a great deal, you’ll actually be supporting Suricata’s development by taking this training.

We’re kicking off with 3 training sessions in Europe in the last quarter of 2014. For early 2015, we’re planning to do a number of US trainings. Keep an eye on this space for updates. Also, dedicated on-site training options are available.

Amsterdam, October 13 and 14: 2 day training
This training session will take place on October 13 and 14 in downtown Amsterdam. It will be given by Suricata lead developer Victor Julien, and OISF president and Emerging Threats CTO Matt Jonkman. Also in the room: master rule writer William Metcalf.
You can register through eventbrite here: https://www.eventbrite.com/e/suricata-training-event-tickets-13264631871
This event is generously hosted by our friends from Intelworks.

Luxembourg, October 20: 1 day workshop
This workshop will take place on October 20 in the conference hotel of the excellent Hack.lu conference. It will be given by Suricata lead developer Victor Julien, Suricata developer Eric Leblond and Suricata expert Peter Manev.
This event is generously hosted by our friends from Hack.lu. You can register through eventbrite here: https://www.eventbrite.com/e/suricata-workshop-hacklu-tickets-13329929177
A registration / ticket for the Hack.lu conference is NOT required for this event. Of course, we do highly recommend the conference!

DeepSec - Vienna, November 18 and 19: 2 day training event
This training session will take place on November 18 and 19 at the DeepSec conference. It will be given by Victor Julien, Eric Leblond, Peter Manev and Matt Jonkman.
The event is part of the DeepSec conference, so registrations/bookings go through: https://deepsec.net/register.html
See also http://blog.deepsec.net/?p=1893

Trainings are tracked on their own page here: http://suricata-ids.org/training/. For questions or more info, please contact us at [email protected]!