Slashdot Mirror
CheckPoint Acquires Snort
bobdehnhardt writes "The Snort-announce list was burning with the news that CheckPoint has signed an agreement to acquire Sourcefire, the commercial arm of the Snort community. As part of the agreement, CheckPoint will "continue to develop and distribute Snort under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site." Here is a message from Snort creator Marty Roesch."
best.Tool.Ever.
Hope this does not compromise the GPL nature of this fantasitic project.
" Here is a message from Snort creator Marty Roesch."
I'm rich I'm rich I'm filthy f*ckin rich!
"CheckPoint Acquires Snort"
That's OK. The Mob aquires "Inject".
I think its usefulness is very limited.
It is nice to know I am protecting/monitoring my LAN from KNOWN attacks,
is does very little to stop a determined attacker who can write
their own shellcode and exploits.
Which, if you hop on IRC now days, represents quite a few attackers.
The people we made fun of long ago have aquired the skills to get around
snort rather easily.
So, rest at night, thinking you have protected your lan, while in reality
you have not.
Even with such language, does that stop them from forking the sources and creating a new closed source program with a new name?
Interesting. Snort looks like a pretty cool tool. Anyone know more about it? How does it hold up against other intrusion detection packages?
And, any info on check point? I've heard of them, but haven't really seen much about their products.. then again, I code mainly, don't see much of the network admin side of IT. I try to keep up though.
Oh.. and since Snort.org looks like its flying toward slashdotted.. it barely loaded. Here's the letter.
------
October 6, 2005
To the Snort community:
I am very excited to announce that Check Point has signed an agreement to acquire Sourcefire, the company that develops the Snort® project and maintains the snort.org domain. I know that many of you are probably going to ask "what does this mean for Snort?", so I'd like to take a few minutes to talk about that.
I'll start by stating again what I've stated in the past, Snort is now and will continue to be free to end-users. We will continue to develop and distribute the Snort engine under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site. The community continues, as always, to be important to us as a group of people who use the code pervasively throughout the entire Internet, report on problems and make suggestions and contributions to the project. Check Point is very excited about continuing Sourcefire's involvement with the open source community!
I'd also like to take a moment to extend a personal "thank you" to the Snort community for your contribution to Sourcefire's success. Little did I know when I first decided to GPL and release Snort in 1998 that it would become the foundation of this worldwide community of hundreds of thousands of users and the core technology of Sourcefire at its founding, and now the launching point for an acquisition by one of the largest and most respected security companies in the world. All of us at Sourcefire look forward to taking our vision and technology to the next level as a vital part of a true industry leader and continuing to build the best open source intrusion detection and prevention technology in the world.
The acquisition is subject to regulatory conditions and approvals and is expected to close by Q106. You can review the press release and FAQ documents at http://www.checkpoint.com/sourcefire.
Sincerely,
Martin Roesch
Founder and CTO
Sourcefire, Inc.
-----
Code. Writing. Writing Code. Writing in general. What? They aren't -that- differnet.
Here is some more info from checkpoint including a FAQ.
/don't/ do is merge the two support teams. Sourcefire's support is decent, but checkpoints is down right awful.
http://www.checkpoint.com/sourcefire/
I use both firewall-1 and sourcefire currently. The one thing I hope they
Checkpoint are not known for being too interested in providing versions of their software for Linux. Lack of a current Linux checkpoint vpn client is all that's keeping me running a (gack) Windows machine in my home..
Soooo.... is Checkpoint Snort going to go Windows-only??
Then again, maybe this heralds a new era of cooperation between Checkpoint and the non-Windows world.
Article is Slashdotted. Here it is atmirrordot.
Checkpoint needs this type of network awareness technology to keep up with Cisco
I know they lost my company's contract because the network admins like the way Cisco stuff integrates
I'll start by stating again what I've stated in the past, Snort is now and will continue to be free to end-users. We will continue to develop and distribute the Snort engine under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site. The community continues, as always, to be important to us as a group of people who use the code pervasively throughout the entire Internet, report on problems and make suggestions and contributions to the project.
This is critical to me for many reason. It's good to see. Marty is a man of integrity & I'll bet this is in the aquisition contract
Check Point to acquire privately held Sourcefire for a total consideration of approximately $225 million.
Who says you can't make money from FOSS?
Marty deserves the fiduciary rewards he'll get for all his hard work over the years
Time flies like an arrow, fruit flies like a banana.
Wow, it's been a while since I've been to the Snort website. It got very corporatey professional looking.
So CheckPoint is Snorting now is it... Do the cops now, have the DEA been called in to raid their offices.
XML - A clever joke would be here if
CheckPoint Snorts SourceFire.
Snort is still an open source project.
(not that I'd suggest that Marty uses cocaine, just that his company is being snorted up, so to speak)
Free Software: Like love, it grows best when given away.
"Who says you can't make money from FOSS?"
Who says you can't make money blogging?
Does that mean my father will have to pay for permission when he chuckles?
This is no big deal. Snort will continue to be GPL and freely available to the world.
I'm more worried about the recent Nessus changes, have you heard about this?
Nessus License Change Announcement
Nessus 2 will continue to be free
Nessus 3 will be a free of charge, binary only release
Never ask for directions from a two-headed tourist! -Big Bird
Everything happening on your network should be authorized by you. If you're worried about security, then you need to get some benchmarks of the legitimate traffic on your network so you can have the system watch for different patterns.
Who are these companies?
/. Frankly, if you don't know who CheckPoint is, half of the stuff here has to be over your head, anyway.
Note to non-technical people: either STFU or stay the f*** off of
Can't we have some type of "technical abilities" test, so we can adjust a post's initial score, based on the result? Of course, we'd never see AC posts, but still - it's sad that someone had to use mod points on this.
There is. and you fail it.
And so on with every other port. Particularly if you have a well designed network where the workstations have no need to connect to other workstations.Nope. More like a workstation suddenly sending, via port 25 (SMTP), to a box outside your network. That's a huge flag.
It's very easy to do. You should already know what ports/protocols are in use on your network and what should be connecting on them to what. Start there and investigate any usage you didn't expect to see.
when he tried to cross the border with snort.
*DrugCheese rants*
checkpoint has had yet another security breach. this time, instead of all of their background records being released onto the internet, the source code of their newly acquired security tool, "snort" was released onto the internet. many have already downloaded this and started using free of charge, not to mention modifying it as they see fit and redistributing it also free of charge. this is a truly embarassing second offense for the security company.
What rock have you been under? If you like to keep up on network admin tools, then you are way behind. I first heard of Snort in 2001 or 2002. Snort runs on my IPCop firewall and scans for baddies trying to get in.
Hell, they are past version 2.4 and you are just NOW hearing about it? Holy crap!
--Somewhere there is a village missing an idiot.
Sorry for any CPFW1 fans but I think this stinks. CP's software has had a pretty bad history as far as performance(ie. only scales to 50k concurrent connections regardless of size of the firewall). Have you tried calling Isreal to get an activation key? I'd look for CheckPoint to hurt snort like 3com kills any products they offer.
honestly, why did you post this?
Is there any value whatsoever for the rest of the planet to read this of yours.
Think thrice, post once, economy of expression; all good things.
Peace.
Cheers.
i knew snort, and in IRC Marty, when he was unemployed, and planing to make sourcefire, and soon to be a father (dont know if for the first time), and I can tell you I'm pretty happy for his richness, he deserves it.
I'm positive, don't belive me look at my karma
And, of course, the classic.
"Do you like my hat? It's made of money! Would you like to stay for lunch? I think we're having MONEY!"
... every time I get one of these damn sinus infections, but I don't put out a damn press release about it.
I've found that my posts don't format quite right w/o a sig.
"snort" or "snort" as a software product belongs to him, or the company regardless of the licensing scheme attached to the product with the same name.
Who owns copyrights, trademarks, all of that garbage doesn't matter much when you are talking about GPL software. In a sense you are putting everything on the line when you release GPL software but you by no means are giving away the entire farm. The copyright is yours, we've covered this! When people contribute code then their code is © them and not you.
What's important, the initial question, is: What will happen to the code? Can it be put into closed source software?
Some of it could - provided that they (CheckPoint) purchased the rights to that specific code when they bought the farm. Ahem, so to speak. Sourcefire, Martin Roesch, whoever could have sold their code under their copyright's - but they can't remove it from the GPL project and can't prevent others from using it. Really, if someone helped edit a portion of the code during debugging then the developer could only sell a copy of their original submission (because they still retain their copyright; the derivative works aren't theirs because the nature of the license).
If you wrote code for Snort then you don't have anything to worry about (in theory only) unless you signed something. We'll see what happens I guess.
Get your Unix fortune now!
I see nothing positive about Snort being acquired by CheckPoint.
CheckPoint bought Zone Labs a couple of years ago and Zone Alarm went from being a rock solid firewall to an absolute mess. There are so many problems with the new version of Zone Alarm that their forums are filled with complaints.
...so that they can find out what's wrong with their shitty VPN software.
I have snort running with BASE, for a nice NID management setup. Without the rules, not much will happen.
There are currently three levels of access to rules, as seen at http://www.snort.org/rules/
1. Anyone can get the rule set that is released with the latest version.
2. People who pay the big bucks ($1,795/year) can get updated rule sets as soon as they are released.
3. A third level sits in the middle; where if you register with sourcefire you can get the updated rules five days after they are released to the premium members.
Martin, I am sure that "Check Point is very excited about continuing Sourcefire's involvement with the open source community!". I hope that doesn't mean that they are excited about getting fees for any and all rules from the open source community.
"When people contribute code then their code is © them and not you."
That's what I meant, I don't know how much of the code is his and how much is contributed that's why he deosn't own (the whole) snort -- just like Linus doesn't own Linux kernel, AFAIK.
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
Honestly, the "slashdot's going down hill" trolls have been making me roll my eyes pretty much as soon as I became a regular, but things like this really make me wonder :(
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Seriously, sometimes it is better to keep ones mouth shut than to say stoopid shit like that. Who are these companies? Who the fuck cares? A lot of folks who use these tools care. Just because you are ignorant of something, that doesn't mean it doesn't matter.
You got a big Mac at Fry's?
;)
How's OSX?
Just because it CAN be done, doesn't mean it should!
Kate Moss unavailable for comment.
How much *significant* code has been contributed to Snort by people outside of SourceFire? I'm talking about things like Frag3, etc. - the underpinnings of Snort.
I don't want knowledge. I want certainty. - Law, David Bowie
The neat thing about snort is it's history and that I hope companies look at it as a model of S/W developement (i.e. FOSS). I wish they turn their rules language via an XML Schema.
Interesting triva to ask is where did snort originate? The feds come to mind ;).
[Funny] It's understandable why Marty had to sell! A big house and a brand new [huge] office building for the peeps (better than the last location) will suck the $$$ dry quickly.
Huh?
References:2 000-q3/2361.htmlb lem_with_Zone_Alarm.html
http://archives.neohapsis.com/archives/firewalls/
http://www.issociate.de/board/post/218692/The_pro
http://www.forbes.com/forbes/2002/0318/102_2.html
http://www.whatreallyhappened.com/spyring.html
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Why the hell do people blog with grey-on-white and tiny letters?
I am very sure that Checkpoint would not remove Snort from GPL, and its a good news for all the snort fans out there.. with Checkpoints popularity and financial power they might be able to improvise the snort to be able to offer better Inline IPS features..
The main reason i am very enthusiastic is that there is not much competition in the IDS sphere, and checkpoint systems for one doesnt have a base in IDS hence with this acquisition i guess there will be good competition for Cisco , MCafee and TippingPoint.
just hope to get the best anyway...
I hate to state the obvious here - Checkpoint just launched a direct attack on Symantec, Cisco and McAfee as the real all around security players. This was totally unexpected from the outside but I guess at some point the consolidation of the security product market had to begin. So which one do you think will be the first to buy a real SIM solution? In my mind Cyberwolf and Protego didn't really count as full SIM products as they only represented about 1/5 of the power of some of the more advanced SIMS out there today.