Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [SPAM] - Re: My Experience with the new Sourcefire VRT rules.. - Email found in subject

From: "Marc Hering" <mhering () reval com>
Date: Tue, 8 Mar 2005 15:20:51 -0500
Thanks for the update Martin,   I figured it was something like that,  I did the Alt-I in Firefox and didn't see the 
encryption....

I'll check back in in the next 24 hours.

Thanks!


Also, does VRT plan to have a "one off" download plan,,,IE a company doesn't want to pay a yearly subscription, but if 
a MAJOR worm comes out they can pay a one time fee and get the updated rules? 

Thanks 

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Tuesday, March 08, 2005 3:07 PM
To: Marc Hering
Cc: snort-users () lists sourceforge net
Subject: [SPAM] - Re: [Snort-users] My Experience with the new Sourcefire VRT rules.. - Email found in subject

Hi Marc,

We're dealing with a few last minute issues on our end, things should be solid in the next 24 hours or so.

The cert was made for sourcefire.com, not snort.org originally.  We're waiting on our cert from Thawte and it should be 
up today.  The site is encrypted even if the cert isn't "valid" for the domain, if you're in firefox you can hit 
<alt-i> to pull up site info and click on the Security tab to see if the site is cleartext or encrypted if you need to 
prove it to yourself.  We wouldn't expect you to transmit info in the clear obviously.

The subscription form has the rates in the first line of the form.  
It's $195/495/1795 per month/quarter/year respectively.  You need a free registration to subscribe.

We apologize for the rule lookup being inactive right now, we're working on it.

      -Marty

On Mar 8, 2005, at 1:19 PM, Marc Hering wrote:


 
Well,
 I know there has been a lot of debate over the new VRT Rules and 
licensing methods from Sourcefire.  I was staying on the sidelines due 
to my relative newness to Snort in general, but now that I have had 
some interaction with the new website I wanted to let everyone know my 
experiences..  This is just what happened to me, and I am not trying 
to start any flame wars...so if you agree with me then great, if you 
don't agree with me then great!
 
Let me start out by saying that I personally don't have a problem with 
what SF is doing,  After all, if I didn't want to pay I can still get 
the rules 5 days later for free or write my own.  but since I need the 
rules pretty fast (and I am not the best at writing rules..) I was ok 
with paying the subscription fee.   So I mosey on over to snort.org 
and try to sign up.
  
Well, all I can say is that if you are like me and don't mind paying 
the subscription, then GOOD LUCK!!  Finding the pricing is damn near 
impossible, and when you follow the link to even sign up, it tries to 
take you to a secure site THAT HAS AN INVALID CERTIFICATE! (the cert 
is valid, but it doesn't protect snort.ort  it is for
sourcefire.com)   then when I get to the signup page, firefox reports 
that this site is not secure at all (even though it says https, there 
is no encryption going on) Yean I'm gonna transmit info 
plaintext..NOT!   And still no mention of how much it costs until 
after you create an account.....  Oh and for all you ACID users out 
there, I just found out that you can't do a rule lookup anymore even 
if you are a subscriber ( In their defense, they DO say the rule 
lookup function is forthcoming and I am sure some clever person will 
write a patch eventually)
 
I completely understand why Sourcefire is changing the way the rules 
are distributed, and I support them in it after all, they do deserve 
to get paid for hard work, however if they are going to make a change 
like this that affects the whole snort community, then I would request 
that they at least make sure that everything works before they put it 
live!
Thanks!
 
</rant mode>


--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Discover.  Determine.  Defend. - 
http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: