Snort mailing list archives
Re: Snort 1.9 vs 2.0
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 11 Oct 2002 10:16:41 -0400
On Friday, October 11, 2002, at 10:03 AM, Hervé Debar wrote:
> Martin Roesch wrote:
>> No, let me explain. Snort 1.9.0 was released last week. The merge that we did last night is the basis of the Snort 2.0 development branch, basically Snort with several extensions that were developed at Sourcefire to enable us to hit gigabit speeds. The Sourcefire extensions are open source and available under the GPL, just like the rest of Snort. The only difference is that we spent several hundred thousand dollars on salaries, equipment and hard core research to bring this update to you instead of having me try to write it in my spare time. :) The Snort 2.0-dev branch is the CVS HEAD now, the Sourcefire mods have been released into the open source domain as part of our "ethical contract" with the Open Source community to bring the best of commercial development contributions (money, test equipment, people who get paid to work on this stuff) with the best of the open source contributions (huge QA team, tight feedback between developers and users, continuous improvement of codebase). I hope you guys will enjoy this monumental leap in performance that we've just contributed and that we can all continue to have fun and make Snort the best IDS possible!
>
> So IIUC, snort-devel on snort.org is snort 2.0 on sourcefire, right ?

Right, this is the sensor code that is the basis of the new Network Sensor 3000 from Sourcefire, our gigabit sensor.

> Am I right in assuming that the rule writing is also changing ?

The rules language is maturing as we identify new methods to detect attacks more accurately/flexibly and develop language to describe the things that we're interested in. The rules are changing to take advantage of the stateful analysis mechanisms that we have available now, but old rules should still work.
-Marty

> Thanks,
> Hervé
> --
> Hervé Debar <mailto:herve.debar () francetelecom com>
> Tel: +33 (0)2 31 75 92 61
> GSM: +33 (0)6 74 09 09 66
> France Télécom R&D
> Fax: +33 (0)2 31 75 93 13
> 42 rue des Coutures (-/-) BP 6243 (-/-) F-14066 Caen Cedex 4

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org