Slashdot Mirror

← Back to Stories (view on slashdot.org)

CheckPoint Acquires Snort

Posted by CmdrTaco on from the done-sniffing-each-other dept.

bobdehnhardt writes "The Snort-announce list was burning with the news that CheckPoint has signed an agreement to acquire Sourcefire, the commercial arm of the Snort community. As part of the agreement, CheckPoint will "continue to develop and distribute Snort under the GPL, improve and document the program to stay on the cutting edge and expand the snort.org web site." Here is a message from Snort creator Marty Roesch."

7 of 118 comments (clear)

  1. " Here is a message from Snort creator Marty Roesc by b1gk1tty · · Score: 5, Funny

    " Here is a message from Snort creator Marty Roesch."

    I'm rich I'm rich I'm filthy f*ckin rich!

  2. Re:Loopholes by monkeydo · · Score: 4, Informative

    No, it doesn't. The owner of the copyright can stop releasing new versions under the GPL. Any code already licensed under the GPL would remain so, but nothing stops them from making all new versions closed, or something in between.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
  3. Re:while snort is a fine piece of software ... by b0r1s · · Score: 5, Informative

    It's worth mentioning that it's possible to trigger on known attack VECTORS rather than just known attacks - that is, on some vulnerabilities, all possible attacks will have a single signature at some point in the packet, which WILL be triggered. Moreover, some PROTOCOLS will always have the same signature, which may be hit as byproducts of the attack (ie: if I see an IRC packet coming from a webserver, I'm going to alert no matter what port it's on, or where it's going, because it shouldn't be there, period).

    Snort can be bypassed in many scenarios, but it's still very useful.

    --
    Mooniacs for iOS and Android
  4. no big deal by qwertphobia · · Score: 5, Informative

    This is no big deal. Snort will continue to be GPL and freely available to the world.

    I'm more worried about the recent Nessus changes, have you heard about this?
    Nessus License Change Announcement

    Nessus 2 will continue to be free
    Nessus 3 will be a free of charge, binary only release

    --
    Never ask for directions from a two-headed tourist! -Big Bird
  5. Re:while snort is a fine piece of software ... by PGillingwater · · Score: 5, Informative

    Plus you might find that a shellcode exploit requires a shellcode sled, which can be detected. And many of the people who use Snort might not know that Sourcefire has made a major innovation with RNA -- a passive traffic analysis system which tells you what hosts are in your LAN, and what ports are being used -- kind of like NTOP, but with better consolidation and reporting.

    --
    Paul Gillingwater
    MBA, CISSP, CISM
  6. You also need a benchmark of legit activity. by khasim · · Score: 4, Insightful

    Everything happening on your network should be authorized by you. If you're worried about security, then you need to get some benchmarks of the legitimate traffic on your network so you can have the system watch for different patterns.

  7. My friend was acquired by a Checkpoint by DrugCheese · · Score: 4, Funny

    when he tried to cross the border with snort.

    --
    *DrugCheese rants*