Snort mailing list archives
Re: Snort getting RNA-like overhaul?
From: "Sam" <sam () neuroflux com>
Date: Mon, 24 May 2004 08:47:48 -0600 (MDT)
Wow, this sounds really promising. I'm curious though, if they take snort down this road, what will the market be for Sourcefire? It seems like they would want to keep this for their commercial product, imho. -Sam Keith W. McCammon said:
[Apologies if this is too "general discussion" for anyone's taste--please respond off-list if you don't care to muddy everyone's inbox with replies.] I caught a headline on ZDNet this morning related to Marty's AusCERT seminar. Bottom line: Marty made some mention of a potential overhaul of the Snort engine to support more RNA-like activities (basically taking Snort from the more traditional IDS space into the general policy-enforcement arena). The article: <http://www.zdnet.com.au/news/security/0,2000061744,39148508,00.htm> DC SUG post from this AM: <http://tinyurl.com/2v9xp> Anyway, I was just curious what type of attention this has been getting within the more active Snort development and planning circles. I know it's been discussed within Sourcefire, as well as on this list (in a more general sense), but I wasn't sure if anything was on paper. I know it's a lot of work, so I'm specifically curious how Snort's existing framework would map simultaneously to policy-based specs as well as the traditional rules and inspection engine. Again, more personal interest than anything else, so any comments, thoughts, detailed road map documentation welcome... Cheers Keith ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort getting RNA-like overhaul? Keith W. McCammon (May 24)
- Re: Snort getting RNA-like overhaul? Sam (May 24)