Snort mailing list archives
Re: Snort 1.90 no Spade?
From: James Hoagland <hoagland () SiliconDefense com>
Date: Sat, 5 Oct 2002 13:19:05 -0700
Hello Shane,
At 4:06 PM -0600 10/4/02, Shane Hickey wrote:
> I'm afraid I haven't read the list in quite some time, so I apologize if this has been answered. I checked the FAQ and the archives and didn't see mention of it. Anyway, I'm running Snort on RedHat installed from RPMs. It's always included Spade, but 1.90 doesn't seem to. Is there a reason for this, or was it an oversight?
I'm glad you asked. I provided a version of Spade for Snort 1.9 (somewhat enhanced over the version in Snort 1.8.7) to the Snort developers on July 20, 2002. Since then, we have not received any substantive feedback on it from anyone with commit privileges despite repeated queries. So, regrettably, we are back to the model of providing Spade as an add-on package. (This was the model prior to Spade being incorporated in Snort with Snort 1.7.0.)
In the meantime, we've been making some significant enhancements to Spade. These are nearly complete, so we'll release that version as soon as it is ready (probably this Monday). It'll be available from the Silicon Defense web site and probably also via Snortenstein.
http://www.silicondefense.com/software/spice/
http://sourceforge.net/projects/snortenstein/
If you can't wait, you can get the version I submitted on July 20:
http://citadelle.intrinsec.com/mailing/current/HTML/ml_snort-dev/1238.html
> I found that I caught many intrusions that I wouldn't have seen otherwise when I was using Spade, although, I wish you could tell it to ignore certain source networks.
I'm glad you found it useful and I don't think you were alone. Is there some specific reason you wanted to ignore certain sources? (I'm trying to see if the problem has been addressed already.)
Best regards,
Jim
--
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland () SiliconDefense com, http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|