Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort rules

From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 28 Apr 2005 19:40:12 -0400
Paul Schmehl wrote:


--On Thursday, April 28, 2005 06:01:01 PM -0400 Matt Kettler
<mkettler () evi-inc com> wrote:



You only have to pay to get the rules written by sourcefire's VRT group
in a timely fashion. You can get them for free with a 5 day delay.

Community written rules are also still freely updated on a timely basis.


The more I think about this, the more I like it.  The only people this
change penalizes are vendors who *used* to "steal" snort without
giving Sourcefire and Marty any credit and who want to convince their
customers that they *always* have the latest and greatest rules (so
they can't afford to wait the five days.)  And that's exactly why this
change was made.

The average schmoo like me can get their rules from anywhere or write
their own.  And five days after the "big boys" get theirs, I have the
*same* rules they do.

Seems like a win-win to me. 


Yep, and really the 5 day delay for the VRT rules was actually in effect
a LONG time ago. It's been in effect for the snort community for so long
you probably never realized it was there.

Previously, the *only* way to get VRT rules quickly was to own a
Sourcefire IDS device. A open-source snort user had to wait 5 days. This
has been the state of things for several years.


From the snort user side, to me it's pure bonus. Previously SF was

contributing their VRT rules to the open-source snort users after 5
days. Now you can still get them for free after 5 days, or you can pay
to get them at the same time as the SF device owners.

Really, the biggest change isn't that SF is delaying giving you rules,
it's that they've given you an option to get them faster than before.
The other big change is they've changed the license on the VRT rules to
restrict their use by direct competitors to the SF preconfigured snort
boxes. That really doesn't bother or affect me as I don't bundle/resell
snort systems. I'm a user.





-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans!
Take this survey and enter to win a one-year sub to SourceForge.net
Plus IDC's 2005 look-ahead and a copy of this survey
Click here to start!  http://www.idcswdc.com/cgi-bin/survey?id=105hix
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: