Slashdot Mirror


The Story of Snort

gRitteR writes "HNS is running a story of Martin Roesch, the creator of Snort, where he tells the entire story of Snort in his words. Roesch covers seven years of development that made this tool one of the most important security software titles ever developed. It's interesting to get all the details on how Snort was initially conceived as well as how it is expected to develop further now after Check Point acquired Sourcefire. There are many technical details and interesting tidbits not available before."

58 comments

  1. Flash audio? by stibles · · Score: 4, Interesting

    Anyone know if there's a transcript of this interview somewhere?

    1. Re:Flash audio? by Vreejack · · Score: 1

      "SERVER STATUS: We are currently being Slashdotted. Please check back soon. "
        This was at 11:24 EDT

      --
      "Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
    2. Re:Flash audio? by cmacb · · Score: 1

      Bad combo: Audio content with no transcript; flash presentation (sound only); streaming instead of downloadable; Slashdot.

      I wonder who comes up with this stuff. But I know that at least part of the answer is that it is people who should be doing something else (something not involving computers) for a living.

  2. Re:Rubbish by Kjuib · · Score: 0

    This is REALLY important to all those who wish to have control over the internet...
    isn't that right?! (crowd cheers uncontrollably)

    --
    - Your stupidity got you into this mess, why can't it get you out? -Will Rogers
  3. stuff-to-read dept? by marcantonio · · Score: 2, Funny

    I think someone didn't check this out before it was posted... By someone I mean TACO.

    1. Re:stuff-to-read dept? by KrisW · · Score: 1

      I think the link is correct, it seems to be the linked page that is acting screwy.

      --
      "Think you can take me? Go ahead on. It's your move." --Joe Don Baker in Final Justice
    2. Re:stuff-to-read dept? by tomhudson · · Score: 1, Funny
      I think someone didn't check this out before it was posted... By someone I mean TACO.
      Maybe the story inspired him to SNORT something ...

      Or it could just be that with Hallowe'en coming, slashdot trolls you. Since we're not giving them treats, they're giving us tricks.

    3. Re:stuff-to-read dept? by zootm · · Score: 2, Informative

      Judging by the title of your parent's post, I think he was more concerned that Taco's "department" was the "stuff-to-read" department, yet the main link is in fact an audio recording...

    4. Re:stuff-to-read dept? by tomhudson · · Score: 0
      it seems to be the linked page that is acting screwy.
      Nah, it's your eyes - stop SNORTING THAT SHIT!!!

      That's what you get for Trick-or-treating in the Newark - those "pop rock candies" are crack rocks.

    5. Re:stuff-to-read dept? by LurkerXXX · · Score: 1

      The link is just to a site that points to the interview. It's a flash/audio interview. Not something-to-read unless you've got some sweet audio-to-text converter on your laptop that you're browsing with. Last I checked most folks don't normally use Dragon NaturallySpeaking to browse websites.

    6. Re:stuff-to-read dept? by KrisW · · Score: 1

      Oops, my bad.

      --
      "Think you can take me? Go ahead on. It's your move." --Joe Don Baker in Final Justice
  4. tidbits not available before by Anonymous Coward · · Score: 0

    "There are many technical details and interesting tidbits not available before."

    And not any more.

  5. Snort? by Anonymous Coward · · Score: 0

    Ok, what the hell is SNORT?

    1. Re:Snort? by Anonymous Coward · · Score: 4, Funny

      Effective immediately, your geek license has been revoked.

  6. Not really intended to be for international by dzafez · · Score: 4, Informative

    This seems to not be intended to be listened to by an international audience. He is talking quite fast and not too easy. A written form would be easier for people with other language backgrounds. I can live with it, as I'm used to the sound of American English, but a written form could help a lot.

    1. Re:Not really intended to be for international by kilauea · · Score: 1, Funny

      There is no such thing as American English!!!

      How I would love to see "the Queen's English" on a software installer...

      Gaz

    2. Re:Not really intended to be for international by Anonymous Coward · · Score: 4, Funny

      You have indicated that you wish to bin these dossiers. Shall we?

      [ Right Then ] [ Rubbish ]

      And in a cruel twist of fate, "Rubbish" would cancel the operation.

    3. Re:Not really intended to be for international by Anonymous Coward · · Score: 0

      Actually more than a few programs are distributed with British and American English versions, or localizations. In most Linux distros you can choose (iirc) to use en-GB or en-US. Various packages are then localized accordingly, just as with any other language.

      Mozilla also distributes an en-US and en-GB version. Every time I go to their FTP site I have to decide between GB and US.

      No doubt many other programs also do things this way. I know the spellchecking using aspell or ispell will differentiate between American and British spellings of words depending on your localization.

    4. Re:Not really intended to be for international by Anonymous Coward · · Score: 0

      No... Marty just talks really fucking fast. You should see him speak... impressive, but he only breaks for water, and sometimes he gurgles his speech. He has a lot to say, and is probably one of the most technical guys around. 7 years of work ain't bad for 225 million minus expenses... damn good job.

    5. Re:Not really intended to be for international by RexxFiend · · Score: 1

      I thought she was German!

      --

      A crash reduces
      Your expensive computer
      to a simple stone.
  7. Snort made easy... by fak3r · · Score: 4, Informative

    Let me be the first to recommend n00bs pick up Snort for Dummies, perhaps the best "for Dummies" book I've read; a perfect primer. "If you want to get your feet wet or you've been tasked with deploying a snort system, this is a good way to start. In the typical, humorous, "for dummies" style, this book walks you through getting, setting up and using Snort and the ACID console. The book also covers how to maintain and tweak the system, once it is up and running. A good effort by the authors." For work or for home, there's really no reason not to learn an enterprise level IDS.

    1. Re:Snort made easy... by martyroesch · · Score: 5, Informative
      Please, do NOT use ACID!

      ACID is no longer being actively maintained, if you want ACID's functionality you should go get BASE! Better yet, go get SGUIL and use Snort as part of a Network Security Monitoring, you'll be glad you did.

    2. Re:Snort made easy... by diamondsw · · Score: 4, Funny

      Please, do NOT use ACID!

      Too late, dude. Whoa.

      --
      I don't know what kind of crack I was on, but I suspect it was decaf.
    3. Re:Snort made easy... by Anonymous Coward · · Score: 0

      A combination of all three works for me. I freebase snort on acid!

    4. Re:Snort made easy... by Anonymous Coward · · Score: 0

      Ok Keanu...

  8. What it probably says... by xxxJonBoyxxx · · Score: 4, Informative

    I had the chance to chat with Marty in Baltimore in May 2001 and he basically said this about Snort:

    1) I wrote it over a couple of weekends because I wasn't happy with TCPDump and the commercial tools at hand

    2) Someday I hope to rewrite it

    3) The extensible plug-in architecture saved my ass

    4) I wish the commercial guys would quit ripping it off

    However, it looks like an audio interview...don't have that kind of time anymore.

    1. Re:What it probably says... by Anonymous Coward · · Score: 0
      ..don't have that kind of time anymore.

      You could just skip out on a few sleeping stages and be a real geek
      http://www.ubersleep.com/
    2. Re:What it probably says... by xxxJonBoyxxx · · Score: 1

      I tried this, involuntarily, during the last year I was earning my comp sci degree. I have two kids now, so I've learned to appreciate a good 8 (OK, 6) hours of sleep a night.

    3. Re:What it probably says... by Anonymous Coward · · Score: 0

      Did he explain why Snort has had so many vulnerabilities discovered in it?

    4. Re:What it probably says... by Anonymous Coward · · Score: 0

      > don't have that kind of time anymore.

      LOL, dumbass says while wasting time on slashdork.

  9. It begins like this... by utexaspunk · · Score: 1, Funny

    "So we had made this 'cocaine' stuff, and we had tried various methods of getting it into our bloodstream, but none of them seemed to be quick and easy. Then Martin gets this brilliant idea..."

    1. Re:It begins like this... by Anonymous Coward · · Score: 1, Funny

      "So we had made this 'cocaine' stuff, and we had tried various methods of getting it into our bloodstream, but none of them seemed to be quick and easy. Then Martin gets this brilliant idea..."

      You do what Stevie Nicks allegedly did, and have it blown up your ass?

    2. Re: It begins like this... by butterwise · · Score: 0

      I was real naïve in those days, too. Somebody would come up to me after the show and say, "Hey man, do you wanna snort?", and I'd go, "Sure! grunt, grunt, grunt, grunt...."

      --
      If a baby duck is a "duckling," why would anyone want to eat "dumplings?"
  10. cheap yoke, can't believe nobody else did it yet.. by Thud457 · · Score: 3, Funny

    Finally! I've been waiting forty years for a sequel to "The Story About Ping"!!!!!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  11. Re:cheap yoke, can't believe nobody else did it ye by Thud457 · · Score: 2, Insightful

    errr... an absolutely amazing quote in the link above: "If I'd known then that it would be my most famous accomplishment in life, I might have worked on it another day or two and added some more options."

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  12. Re:cheap yoke, can't believe nobody else did it ye by BushCheney08 · · Score: 1

    Hehehehe. I was just checking the thread to see if someone else was gonna mention it. If not, I was gonna say something about how nicely The Story of Snort would look next to The Story About Ping.

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  13. Snort Exploit! by Anonymous Coward · · Score: 2, Informative
    1. Re:Snort Exploit! by Slashcrap · · Score: 1

      Hope everyone is safe..

      This happens all the time. Which is why anyone with half a brain sets up their Snort box with a "one way" Ethernet cable - inbound traffic only, no ability for the Snort box to talk to anything else if compromised.

      Of course, there are a lot of people running Snort on their home DSL line because watching the huge list of attacks bouncing off their firewall gives them a woody. They're probably screwed, but at least it will be educational for them.

  14. Snort is... by Viree · · Score: 2, Funny

    probably one of the best tools ever developed for open-source / security community. I've got a bad feeling from this whole Check Point acquisition, especially with the major revamp in http://snort.org/. Thankfully there's still http://nessus.org/....wait. Fuck!

  15. Re:cheap yoke, can't believe nobody else did it ye by Anonymous Coward · · Score: 0

    Ping this FB!!!

  16. non flash by furrywithwings · · Score: 1

    Is there a working transcript or a non-flash link? I'm not installing the key to pretty BLINKING annoyances just to read something interesting.

  17. Pah! by Anonymous Coward · · Score: 0

    The Story of Snort?

    Ask my filthy rich boss!

    LKOS

  18. Snort stories by SeaFox · · Score: 1

    I get the feeling one of the main draws to posting stories about Snort isn't so much the software but so they can make joke headlines and comments about narcotics.

    Checkpoint Acquires Snort - Oct. 6, 2005

    Snort up For Revamp, says Creator - May 24, 2004

    Using Snort Stealthily - Sept. 13, 2002

    Snort Creator Makes Good - July 1, 2002

    Guardent To Sell Snort And Nessus - Dec. 14, 2001

  19. Pong by Anonymous Coward · · Score: 0

    Mike was killed in a car accident in November 2000.

  20. Snot? by bettlebrox · · Score: 1

    For a minute there I thought the title of the story was:

    The History of Snot

    For just a second I was envisioning: Slashdot, news for nerds, boogers shat matters ...

    --

    I have a very small mind and must live with it.
    -- E. Dijkstra

  21. Picture with Martin by uan · · Score: 1

    I got to meet Martin Roesch a month ago and got some pictures of us shaking hands to take home!

  22. Using BASE to analyze Snort data by vaiism · · Score: 1

    BigAdmin has an article that describes storing Snort alert output in a MySQL database and using the web front end BASE to analyze the data. Sounded pretty interesting... http://www.sun.com/bigadmin/features/articles/snort_base.html