CheckPoint Acquires Snort

bobdehnhardt writes "The Snort-announce list was burning with the news that CheckPoint has signed an agreement to acquire Sourcefire, the commercial arm of the Snort community. As part of the agreement, CheckPoint will "continue to develop and distribute Snort under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site." Here is a message from Snort creator Marty Roesch."

while snort is a fine piece of software ...

I think its usefulness is very limited.

It is nice to know I am protecting/monitoring my LAN from KNOWN attacks,
is does very little to stop a determined attacker who can write
their own shellcode and exploits.

Which, if you hop on IRC now days, represents quite a few attackers.
The people we made fun of long ago have aquired the skills to get around
snort rather easily.

So, rest at night, thinking you have protected your lan, while in reality
you have not.

Checkpoint and Linux

Checkpoint are not known for being too interested in providing versions of their software for Linux. Lack of a current Linux checkpoint vpn client is all that's keeping me running a (gack) Windows machine in my home..

Soooo.... is Checkpoint Snort going to go Windows-only??

Then again, maybe this heralds a new era of cooperation between Checkpoint and the non-Windows world.

You also need a benchmark of legit activity.

[khasim]

Everything happening on your network should be authorized by you. If you're worried about security, then you need to get some benchmarks of the legitimate traffic on your network so you can have the system watch for different patterns.

Re:no big deal

[Kevin+Burtch]

Closed-source penetration testing software?
I sure won't be using that version... and I love nessus!