Snort mailing list archives
Re: [Emerging-Sigs] [Snort-users] VRT on Suricata
From: Jamie Riden <jamie.riden () gmail com>
Date: Wed, 21 Jul 2010 22:41:17 +0100
Please guys, this discussion does not belong on *-sigs - and probably not on snort-users for that matter. I suspect we all have our opinions that aren't going to be significantly shifted by anything except published benchmarks and real-world experience. cheers, Jamie On 21 July 2010 22:15, evilghost () packetmail net <evilghost () packetmail net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1Let's be clear, you initiated this discussion in public, we responded when the press started calling us and asking us for our thoughts. When these things happen we usually blog about it so that we can point to our blog posts instead of having to rehash the same arguments over and over and so that we have a central point of discussion. If the phone hadn't started ringing here there would be no blog posts and no reactions in the press. We didn't attack Suricata, we showed the data that we had and responded to criticisms vis a vis multithreading, performance, IPv6, etc. The editorializing that I provided regarding the necessity of reimplementing the Snort detection model at taxpayer expense when they already get it for free was, I think, justified.Marty, these words are acidic on the VRT blog and clearly defy your statement about not attacking Suricata: "I'm just disappointed with where they've ended up and what they've delivered." "Suricata's developers harp on a lot of different issues, some of which are valid, and some are simply wrong." "Suricata's performance isn't just bad; it's hideously, unforgivably bad." "They've failed, utterly, to deliver on their promises. This is forgivable on the performance front, that problem is non-trivial. But in the end, what they've built is a poorly functioning Snort-clone, missing the most powerful detection capability that Snort has. There isn't anything in the way of innovation; they are taking the same approach as everyone else from a detection standpoint. Simply put, rehashing isn't innovation." "And we didn't even cost you a million dollars." I don't think anyone really had an issue with the response from a technical aspect. Attacking and insulting the participants was heinous and pretty damning and seemed quite out of character for Matt Olney; was he a puppet for the response? Clearly the response on the VRT blog is filled with emotion and lashing out in anger. - -evilghost
-- Jamie Riden / jamie () honeynet org / jamie.riden () gmail com http://uk.linkedin.com/in/jamieriden ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: [Emerging-Sigs] VRT on Suricata Matt Jonkman (Jul 21)
- Re: [Emerging-Sigs] VRT on Suricata Martin Roesch (Jul 21)
- Message not available
- Re: [Emerging-Sigs] [Snort-users] VRT on Suricata Jamie Riden (Jul 21)
- Re: [Emerging-Sigs] [Snort-users] VRT on Suricata waldo kitty (Jul 21)
- Message not available
- Re: [Emerging-Sigs] VRT on Suricata Matt Jonkman (Jul 22)
- Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Crook, Parker (Jul 22)
- Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Matthew Olney (Jul 22)
- Re: [Snort-sigs] [Emerging-Sigs] VRT on Suricata Al MailingList (Jul 22)
- Message not available
- Re: [Emerging-Sigs] [Snort-sigs] VRT on Suricata Matt Olney (Jul 22)
- Re: [Emerging-Sigs] VRT on Suricata Martin Roesch (Jul 21)