Snort mailing list archives

Re: SPADE

From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Tue, 14 Sep 2004 10:24:55 +0100



--On 14 September 2004 09:47 +0300 subway () jippii fi wrote:

Hello,

SPADE is Statistical Packet Anomaly Detection Engine for Snort. Does
anyone know if it is still being developed?


I don't think so, no.

The website http://www.silicondefence.com/ has disappeared and that's
where SPADE was available.


Silicon Defense's assets were bought by Demarc.

I know SPADE is also included in snort-2.2.0.tar.gz.

That doesn't appear to be the case. The latest version of SPADE appears tobe included in the OS-SIM snort (src.)RPM. It patches cleanly into Snort2.2.0 and appears to work (though it needs a bit of patching to preventsnort segfaulting on plugin cleanup when run in -T mode).

Another question: is there any paper available where techniques used by
SPADE are described in detail?


RTFS ? ;-)

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on

who ports your project to Linux PPC the best. Sponsored by IBM.Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

SPADE subway (Sep 13)
- Re: SPADE Alex Butcher, ISC/ISYS (Sep 14)
- <Possible follow-ups>
- SPADE subway (Sep 14)
- SPADE Simon (Sep 20)
  - Re: SPADE Kevin Johnson (Sep 20)
    - RE: SPADE Michael Steele (Sep 20)