Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Story of Snort

Posted by CmdrTaco on from the stuff-to-read dept.

gRitteR writes "HNS is running a story of Martin Roesch, the creator of Snort where he tells the entire story of Snort in his words. Roesch covers seven years of development that made this tool one of the most important security software titles ever developed. It's interesting to get all the details on how Snort was initially conceived as well as how it is expected to develop further now after Check Point acquired Sourcefire. There are many technical details and interesting tidbits not available before."

6 of 58 comments (clear)

  1. Not really intended to be for international by dzafez · · Score: 4, Informative

    This seems to not be intended to be listened to by international Audience. He is talking quite fast and not too easy. a written form would be easier for people with other language backgrounds. I can live with it, as I'm used to the sound of american english, but a written form could help a lot.

  2. Snort made easy... by fak3r · · Score: 4, Informative

    Let me be the first to recommend n00bs pick up Snort for Dummies, perhaps the best "for Dummies" book I've read; a perfect primer. "If you want to get your feet wet or you've been tasked with deploying a snort system, this is a good way to start. In the typical, humorous, "for dummies" style, this book walks you through getting, setting up and using Snort and the ACID console. The book also covers how to maintain and tweak the system, once it is up and running. A good effort by the authors." For work or for home, there's really no reason not to learn an enterprise level IDS.

    --
    fak3r.com
    1. Re:Snort made easy... by martyroesch · · Score: 5, Informative
      Please, do NOT use ACID!

      ACID is no longer being actively maintained, if you want ACID's functionality you should go get BASE! Better yet, go get SGUIL and use Snort as part of a Network Security Monitoring, you'll be glad you did.

  3. Re:stuff-to-read dept? by zootm · · Score: 2, Informative

    Judging by the title of your parent's post, I think he was more concerned that Taco's "department" was the "stuff-to-read" department, yet the main link is in fact an audio recording...

  4. What it probably says... by xxxJonBoyxxx · · Score: 4, Informative

    I had the chance to chat with Marty in Baltimore in May 2001 and he basically said this about Snort:

    1) I wrote it over a couple of weekends because I wasn't happy with TCPDump and the commercial tools at hand

    2) Someday I hope to rewrite it

    3) The extensible plug-in architecture saved my ass

    4) I wish the commercial guys would quit ripping it off

    However, it looks like an audio interview...don't have that kind of time anymore.

  5. Snort Exploit! by Anonymous Coward · · Score: 2, Informative

    Links to information:
    First report: http://isc.sans.org/diary.php?storyid=770
    Infocon Yellow: http://isc.sans.org/diary.php?storyid=772
    Intrusion Detection: http://isc.sans.org/diary.php?storyid=782
    Tool: http://isc.sans.org/diary.php?storyid=791

    Hope everyone is safe..