Snort mailing list archives
Re: rules downloads and whatever..
From: SN ORT <snort_on_acid () yahoo com>
Date: Tue, 19 Sep 2006 12:45:26 -0700 (PDT)
I'm talking strictly what used to be at snort.org, where new sigs used to come out free, every night or close to that. Whatever SF does is not related to what I'm saying here. I'm talking about the non-commercial side of Snort. The commercial side of Snort grew from EXACTLY my point, "build confidence, reputation, and then start making the big $$$$$!" (Hey, I'm all for that!) For new sigs, you either gotta go somewhere else, get/develop your own, which now requires significantly more manual effort, wait a few days for snort.org to release the free ones or pay for subscription sigs if you want to take a more proactive approach (OK, who doesn't want to catch 0-day exploits? Or even 1-day!?) But this is all IDS stuff anyways. What good is IDS AFTER the fact? You could always tell your boss, "Hey, here's what we were hit with." I wouldn't pay for an IDS, I'd pay for IPS and the things I use to proactively protect my network, which have support for 0-day exploits. Anyways I think we all know the comunity-developed rules are a bit of a joke. They may be somewhere on the order of 5-day exploit detection...and even then, like I said, it's only detection. Serious, error-free or damn close to err0r-free, proactive exploit protection is what I use, and for many years now, while most other people are out there still afraid to, "block legitimate traffic!" Too many people worried about the "new worms". I could care less about viruses, I just want to keep out any exploits, and not worry about the carrier. Sorry, got off topic there. Cheese! Marc ------------------------------ Message: 4 Date: Tue, 19 Sep 2006 13:47:58 -0400 From: Matt Kettler <mkettler () evi-inc com> Subject: Re: [Snort-users] rules downloads and To: SN ORT <snort_on_acid () yahoo com> Cc: snort-users () lists sourceforge net Message-ID: <45102D4E.4050006 () evi-inc com> Content-Type: text/plain; charset=ISO-8859-1 SN ORT wrote:
Oh well, since you know Marty so well, you're like close friends now, maybe you can explain why people now have to pay for the latest sigs?
Erm, you only have to pay to get the latest signatures that SourceFire developed internally. All the community-developed rules are not delayed, nor for pay. Also previously these SourceFire signatures were not available on a early basis to normal snort users at all, only users of the commercial sourcefire boxes could get them early. Snort users had to wait. This is the way been. SF made no secrets about it, and I do recall it being mentioned several times on the list that they updated their commercial subscribers first, then made their releases to the snort userbase later. This is all long before the for-pay option existed. So while this looks like SF is taking something away to gain a profit, they're really offering something they never offered before. It's a way for the free product users to step up to the same level of rule updates as the commercial product, but with reduced cost (and none of the other commercial product features like RNA). Personally, I like it, and think it's a good way for SF to get money to continue to feed their rule research team.
I'm not faulting people for trying to make a buck, I'm just saying it's a bit foolish to rely soley on a free product to protect your network and expect it to remain free and last forever. Open source is a Godsend, but let's be realistic: another reason to make a great open-source product
is
to build confidence, reputation, and then start
making
the big $$$$$! This is a natural progression of things, and sooner or later programmers have to make money.
While there's some truth in what you say, there's also a lot of fallacy in it. Many free products do have a lot of potential to last forever. These are mostly tools where the developer needs the tool help them in their normal for-pay job. Tools like tcpdump/Ethreal will probably always have developers contributing to it for free, because many developers working on other network technologies rely on it, and often find/fix bugs in it as a side-effect of doing other for-pay work. Now I'd agree, snort may not fall into this, but it's a pure fallacy to think this can't ever happen to any software tool. It can, and does. ------------------------------ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: rules downloads and whatever.. SN ORT (Sep 19)