Re: Snort-inline in embedded device

[<ravivsn () roc co in>]

Hi Aravind,
Adding to Matt's comments
> Really, if you're considering doing it, you should already know the pros
>  and cons.
True, if you have experience with snort_inline, by this time you would
have known them
> Quite frankly, the fact that it's an embedded device is almost
> completely  irrelevant.
> > Issues that _matter_ are bigger picture ones. How often are updates
> going  to be performed?

yes,you should have a mechnaism which automagically downlaods sigs to your
box periodically
Snort or snort_inline are  aimed at proving a concept and not aimed at
end-users.
Your goal should be making snort a user friendly software. But anything
you work on snort becomes a GPL'd software.

Most important thing is the dynamic reading of rules. Snort lacks this
capability. If you are updating rules, you need to restart snort to become
effective.

 Will they be done regularly? Do your really want
> an IPS in  the first place?
>
> The other bigger picture issues are licensing based, but the linux
> kernel  is already GPL, so the addition of snort-inline doesn't change
> that.

I donno much about GPL. AFAIK, you must also give the sources away to the
customer then.

Cheers,
-Ravi
Rendezvous On Chip (I) Pvt Ltd
http://www.roc.co.in






-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users