Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snort up For Revamp, says Creator

Posted by Hemos on Monday May 24, 2004 @04:16AM from the keeping-up-with-the-times dept.

A reader writes:"The creator of Snort, the open-source network-based Intrusion Detection System (IDS), says the software is up for an overhaul. Martin Roesch has told the AusCERT conference IDS has failed to impress the market, citing the inability of many to minimise the number of false alarms triggered by the monitoring devices. The next iteration will include "passive discovery" features."

2 of 148 comments (clear)

Min score:

Reason:

Sort:

Open Source IDS Correlation by dcgrigsby · 2004-05-24 04:29 · Score: 5, Informative

Some of what Martin says regarding minimizing false positives by correlating an attack with the correct platform, etc. is already being done by the open source IDS correlation project QuidScore:

http://quidscor.sourceforge.net/
Re:Cool, but effective? by homer_ca · 2004-05-24 05:10 · Score: 5, Informative

You make a good point about people vs. technology. In security, policy is as important as firewalls. If IM's are prohibited by company policy and blocked so that advanced measures like httport are required to circumvent your block, you have good cause to reprimand someone found using IM.