IDS mailing list archives

Re: IDS Opinions


From: Brian <bmc () snort org>
Date: Mon, 7 Jun 2004 15:27:27 -0400

On Mon, Jun 07, 2004 at 08:15:46AM +0200, Nik Schild wrote:
> why is nobody talking about prelude (http://www.prelude-ids.org)?
> It's supposed to perform much better than snort and fits better into
> large environments, it's much more flexible because prelude is more
> a framework than just a single IDS.

That is one statement I am *very* tired of hearing.  Why?  Because it's
a statistical lie.

Prelude markets themselves as a framework, not just an NIDS.  Prelude,
as a whole, does quite a bit more than Snort.  The prelude developers
don't make statements like "we are faster than snort", they make
statements like "We do lots of stuff in addition to NIDS".  

BTW, firestorm is "more" guilty of this statistical lie.

A number of snort-a-like implementations have popped up with
statements like "We are faster than snort" but neglect to finish the
statement with "if you only include the 30% of the rules that we
support in our stuff and all of the rules in Snort."

Only once all of the rules that ship with snort are supported by
snort-a-like implementations, or they provide their own "complete"
ruleset, can those snort-a-like implementations make those claims
without it being a lie.

Brian
