Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Open Source SNORT Dead?

Posted by CmdrTaco on from the migrate-to-chortle dept.

alphadogg writes "Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead? The Open Information Security Foundation, a nonprofit group funded by the US Dept. of Homeland Security to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars. The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled."

3 of 127 comments (clear)

  1. Re:Confusing Story Considering Snort's Activity by martyroesch · · Score: 5, Informative

    That's not true, Snort development continues in the open and contributions are still taken from the community. We don't use the community to market our commercial solutions at all, in fact we have strict prohibitions against marketing commercial solutions on the Snort mailing lists.

    Stiennon takes the next wrong step by saying that we're preventing the ENTIRE OPEN SOURCE COMMUNITY from developing threat mitigation technology. Completely wrong. You can still add your own patches to Snort either as a contribution to the project or as an external patch, Sourcefire does nothing to prevent that.

    We also don't require that you install anything other than Snort when you grab it from snort.org, getting and installing Snort today is just like it was before Sourcefire started. If you don't have the problems that Sourcefire solves (scalability and manageability for the mid to large enterprise) you'd probably barely notice we're out there.

  2. Re:Snort's not dead... by rotide · · Score: 4, Informative

    Did you even look at the downloads page?:
    http://www.snort.org/snort-downloads

    Second link is "source".

    If you want the 3.0 source go to:
    http://www.snort.org/snort-downloads/snort-3-0/

    Maybe these weren't the sources you were looking for?

  3. Re:It's not dead. by saintlupus · · Score: 4, Informative

    According to Marty, when asked about IPv6 support at this year's EDUCAUSE Security conference, Snort will happily inspect IPv6 traffic if you configure the HOME_NET to be an IPv6 network.

    There's no explicit option to turn it on, because it shifts from v4 to v6 when the rest of the configuration is set up properly. This subtlety seems to elude people. Well, either that or the guy who initially wrote the software doesn't know how it works.

    --saint