Slashdot Mirror
CheckPoint Acquires Snort
bobdehnhardt writes "The Snort-announce list was burning with the news that CheckPoint has signed an agreement to acquire Sourcefire, the commercial arm of the Snort community. As part of the agreement, CheckPoint will "continue to develop and distribute Snort under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site." Here is a message from Snort creator Marty Roesch."
Interesting. Snort looks like a pretty cool tool. Anyone know more about it? How does it hold up against other intrusion detection packages?
And, any info on check point? I've heard of them, but haven't really seen much about their products.. then again, I code mainly, don't see much of the network admin side of IT. I try to keep up though.
Oh.. and since Snort.org looks like its flying toward slashdotted.. it barely loaded. Here's the letter.
------
October 6, 2005
To the Snort community:
I am very excited to announce that Check Point has signed an agreement to acquire Sourcefire, the company that develops the Snort® project and maintains the snort.org domain. I know that many of you are probably going to ask "what does this mean for Snort?", so I'd like to take a few minutes to talk about that.
I'll start by stating again what I've stated in the past, Snort is now and will continue to be free to end-users. We will continue to develop and distribute the Snort engine under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site. The community continues, as always, to be important to us as a group of people who use the code pervasively throughout the entire Internet, report on problems and make suggestions and contributions to the project. Check Point is very excited about continuing Sourcefire's involvement with the open source community!
I'd also like to take a moment to extend a personal "thank you" to the Snort community for your contribution to Sourcefire's success. Little did I know when I first decided to GPL and release Snort in 1998 that it would become the foundation of this worldwide community of hundreds of thousands of users and the core technology of Sourcefire at its founding, and now the launching point for an acquisition by one of the largest and most respected security companies in the world. All of us at Sourcefire look forward to taking our vision and technology to the next level as a vital part of a true industry leader and continuing to build the best open source intrusion detection and prevention technology in the world.
The acquisition is subject to regulatory conditions and approvals and is expected to close by Q106. You can review the press release and FAQ documents at http://www.checkpoint.com/sourcefire.
Sincerely,
Martin Roesch
Founder and CTO
Sourcefire, Inc.
-----
Code. Writing. Writing Code. Writing in general. What? They aren't -that- differnet.
Not if they own the copyright (which I'm not sure about in this case).
No, it doesn't. The owner of the copyright can stop releasing new versions under the GPL. Any code already licensed under the GPL would remain so, but nothing stops them from making all new versions closed, or something in between.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
It's worth mentioning that it's possible to trigger on known attack VECTORS rather than just known attacks - that is, on some vulnerabilities, all possible attacks will have a single signature at some point in the packet, which WILL be triggered. Moreover, some PROTOCOLS will always have the same signature, which may be hit as byproducts of the attack (ie: if I see an IRC packet coming from a webserver, I'm going to alert no matter what port it's on, or where it's going, because it shouldn't be there, period).
Snort can be bypassed in many scenarios, but it's still very useful.
Mooniacs for iOS and Android
This is no big deal. Snort will continue to be GPL and freely available to the world.
I'm more worried about the recent Nessus changes, have you heard about this?
Nessus License Change Announcement
Nessus 2 will continue to be free
Nessus 3 will be a free of charge, binary only release
Never ask for directions from a two-headed tourist! -Big Bird
Plus you might find that a shellcode exploit requires a shellcode sled, which can be detected. And many of the people who use Snort might not know that Sourcefire has made a major innovation with RNA -- a passive traffic analysis system which tells you what hosts are in your LAN, and what ports are being used -- kind of like NTOP, but with better consolidation and reporting.
Paul Gillingwater
MBA, CISSP, CISM
Checkpoint built their own version of Linux called SecurePlatform specifically for running their firewall, management tools, and other software. Quite often, the GUI and end user tools only ran on Windows, but the real meat-and-potatoes was usually supported on Linux.
Post-rock/Ambient/Drone and other noise.
Unless they accepted patches from a third party not directly involved in the project , They would need to track down each and every person that had (and acquire their blessing) or each and every code snippet and remove it .
This is the same problem which faces the linux Kernel if they wished to move it to the GPL3
The only things certain in war are Propaganda and Death. You can never be sure which is which though