Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: My Experience with the new Sourcefire VRT rules..

From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 8 Mar 2005 15:07:26 -0500
Hi Marc,
We're dealing with a few last minute issues on our end, things should be solid in the next 24 hours or so.
The cert was made for sourcefire.com, not snort.org originally. We're waiting on our cert from Thawte and it should be up today. The site is encrypted even if the cert isn't "valid" for the domain, if you're in firefox you can hit <alt-i> to pull up site info and click on the Security tab to see if the site is cleartext or encrypted if you need to prove it to yourself. We wouldn't expect you to transmit info in the clear obviously.
The subscription form has the rates in the first line of the form. It's $195/495/1795 per month/quarter/year respectively. You need a free registration to subscribe.
We apologize for the rule lookup being inactive right now, we're working on it. 

     -Marty

On Mar 8, 2005, at 1:19 PM, Marc Hering wrote:


 
Well,
I know there has been a lot of debate over the new VRT Rules and licensing methods from Sourcefire.  I was staying on the sidelines due to my relative newness to Snort in general, but now that I have had some interaction with the new website I wanted to let everyone know my experiences..  This is just what happened to me, and I am not trying to start any flame wars...so if you agree with me then great, if you don't agree with me then great! 
 
Let me start out by saying that I personally don't have a problem with what SF is doing,  After all, if I didn't want to pay I can still get the rules 5 days later for free or write my own.  but since I need the rules pretty fast (and I am not the best at writing rules..) I was ok with paying the subscription fee.   So I mosey on over to snort.org and try to sign up.  
  
Well, all I can say is that if you are like me and don't mind paying the subscription, then GOOD LUCK!!  Finding the pricing is damn near impossible, and when you follow the link to even sign up, it tries to take you to a secure site THAT HAS AN INVALID CERTIFICATE! (the cert is valid, but it doesn't protect snort.ort  it is for sourcefire.com)   then when I get to the signup page, firefox reports that this site is not secure at all (even though it says https, there is no encryption going on) Yean I'm gonna transmit info plaintext..NOT!   And still no mention of how much it costs until after you create an account.....  Oh and for all you ACID users out there, I just found out that you can't do a rule lookup anymore even if you are a subscriber ( In their defense, they DO say the rule lookup function is forthcoming and I am sure some clever person will write a patch eventually) 
 
I completely understand why Sourcefire is changing the way the rules are distributed, and I support them in it after all, they do deserve to get paid for hard work, however if they are going to make a change like this that affects the whole snort community, then I would request that they at least make sure that everything works before they put it live! 
Thanks!
 
</rant mode>


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend. - http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org 



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: