Meetings
The next meeting of the NYC Snort User Group is under development. If you are interested in presenting or speaking, please contact mo@ciphertechs.com
Twitter
You can now follow this group on Twitter at twitter.com/nycsnort
Snorby VMware Appliance (Cryptolife)
June 14th, 2010 under Tools, Releases by jonbaer [ Comments: none ]

The Snorby virtual appliance provides a preconfigured, out-of-the-box Snorby front-end for Snort, the popular intrusion detection system. The Snorby interface is developed by Dustin Webber. This appliance is intended for security professionals with in-depth knowledge of intrusion detection and security monitoring. Nevertheless, beginners can use the appliance to understand and learn about intrusion detection and network security.

Click here for notes and download



Snort 2.8.5 Beta Release
May 15th, 2009 under Releases by jonbaer [ Comments: 4 ]

A beta version of Snort 2.8.5 is now available on snort.org, at
http://www.snort.org/dl/

Snort 2.8.5 introduces:

- Ability to specify multiple configurations (snort.conf and everything
it includes), bound either by VLAN ID or IP Address. This allows you
to run one instance of Snort with multiple snort.confs, rather than
having separate processes.

- Continued inspection of traffic while reloading a configuration.
Add --enable-reload option to your configure script prior to building.

- Rate Based Attack prevention for Connection Attempts, Concurrent
Connections, and improved rule/event filtering. See README.filters
for details.

- SSH preprocessor (no longer experimental)

- Performance improvements in various places

Please see the Release Notes and ChangeLog for more details.

Please submit bugs, questions, and feedback to snort-beta@sourcefire.com.

Happy Snorting!
The Snort Release Team



beta.snort.org
April 21st, 2009 under Notes, Sourcefire, Releases by jonbaer [ Comments: 1 ]

Hi all,

As many of you know the Snort project recently reached its 10th Anniversary.  In honor of this milestone we’re giving Snort a new website to call home.  This site update is much more than just a new look and feel.  We’re rebuilding the site from the ground up to better serve the needs of the Snort Community.  Once the site is complete, some of the improvements you’ll see are:

•    Simplified navigation including a new persistent links panel at the bottom of every page allowing you to get the content you need from anywhere on the site
•    Improved user account management allowing you to edit all of your profile information including your email address
•    New Forums application with the ability to rate posts
•    Improved management of VRT Subscriptions including the ability to generate multiple Oinkcodes

The new Snort.org site is still in development but we’ve reached a point where we’d like to ask you, the community for feedback.  We’ve released a beta site at: http://beta.snort.org that we’d like you to review and provide feedback on.  We’d primarily like your feedback on the new look and feel, updated navigation and content on the site. We’d also like you to submit enhancement requests for new features and content you’d like to see on Snort.org

We’d particularly like to get specific feedback on additional content that you as a Snort user, rule writer or someone who is developing related projects would like to see on the site that would help you in your day to day life with Snort.

This is a live project and we’ll continue to add functionality and content based on your feedback.  In this beta release some of the site functionality has been disabled.  At this time you will not be able to register an account, log in, post to the forums, generate Oinkcodes, or buy a VRT subscription, but all other site features are open for your review.  We’ll migrate all user account and subscription information prior to the site going live.

All feedback should be submitted via a very short survey at: https://www.surveymonkey.com/s.aspx?sm=WjBviOcPU5nPg5002A12pg_3d_3d.

Thanks for your help and feedback on this project.

Mike Guiterman (Sourcefire)



Snort 2.8.4 Now Available
April 12th, 2009 under Releases by jonbaer [ Comments: 1 ]

Snort 2.8.4 is now available on snort.org, at http://www.snort.org/dl/

Snort 2.8.4 introduces:

- A revised DCE/RPC preprocessor with more rule options

With the new DCE/RPC preprocessor, there will be a number of updates to the rules. Please be sure to update your rules to the latest when that package is available (next few days).

- Support for IPv6 in Frag3 and all application preprocessors

- Improved target-based support in preprocessors

- Option to automatically pre-filter traffic that is not inspected in order to improve performance

- Several other improvements and fixes

Please see the release notes and changelog for more details.

Please submit bugs, questions, and feedback to bugs@snort.org.

Happy Snorting!
The Snort Release Team



Snort 3.0 Beta 3 Released
April 6th, 2009 under Releases by jonbaer [ Comments: none ]

http://securitysauce.blogspot.com/2009/04/snort-30-beta-3-released.html

http://www.snort.org/dl/snortsp/

Snort Security Platform (SnortSP) 3.0 Beta

We’re pleased to introduce our first beta release built on the new Snort 3.0 architecture. The Snort 3.0 architecture consists of two primary components: a software platform called the Snort Security Platform (SnortSP) 3.0, which is shipping in beta form in this release, and traffic analysis engine modules that plug into SnortSP. This beta test release contains one engine module which contains the Snort 2.8.2 detection engine implemented as a SnortSP engine module. SnortSP is an open-source platform for running packet-based network security applications. It provides many of the common functions required by programs that deal with packet processing such as configuration loading, event generation and traffic logging, data acquisition, protocol decoding and validation, flow management, and more.

Major features:

  • Shell-based user interface with embedded scripting language
  • Native IPv6, MPLS and GRE support
  • Native support for inline operation
  • More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
  • Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic
  • Performance increases

The purpose of this beta release is to allow people to get exposure to the technology and to use the code in real-world environments - and as an opportunity to solicit feedback on the design and user experience of the new Snort code.



Snort 2.8 Now Available
August 23rd, 2007 under Releases by jonbaer [ Comments: none ]

The Snort 2.8 beta is now available on CVS for download and testing.

Binaries will be available within a few days.

Feature highlights:

* Port lists
* IPv6 support
* Packet performance monitoring
* Experimental support for target-based stream and IP frag reassembly
* Ability to take actions on preprocessor events
* Detection for TCP session hijacking based on MAC address
* Unified2 output plugin
* Improved performance and detection capabilities

Please submit bugs, questions, and feedback to snort-beta at sourcefire.com.



 

About NY-SUG
The New York Snort User Group currently meets on a monthly basis at CipherTechs in downtown New York City to openly discuss network security with a focus on the open source IDS Snort. If you are interested in joining us, please sign up to the mailing list.