Of particular interest is the rule distribution. As a member of a 'subscribed organization' I have access to rules newer than the publicly available ones (because we pay for them). However, we *still* rely on custom, privately deveopled rules as well.Source
Snort v2.4 is now officially available. This release includes a number of new features, fixes and performance enhancements, including the Frag3 preprocessor, a target-based IP defragmentation module and an "ftpbounce" rule detection plugin.
With this release, rules are no longer distributed as part of the Snort releases, they are available as a separate download from snort.org. This was done for three reasons:
1. To better manage the new rules licensing
2. To reduce the size of the engine download
3. To move the thousands of documentation files for the rules into the rules tarballs. If you've ever checked Snort out of CVS you'll know why this is a Good Thing
Snort tarballs and RPMs as well as detailed set of release notes are available at http://www.snort.org/dl