Is Open Source SNORT Dead?
alphadogg writes "Is Snort, the 12-year-old open-source intrusion detection and prevention system, dead?
The Open Information Security Foundation, a nonprofit group funded by the US Dept. of Homeland Security to come up with next-generation open source IDS/IPS, thinks so. But Snort's creator, Martin Roesch, begs to differ, and in fact, calls the OISF's first open source IDS/IPS code, Suricata 1.0 released this week, a cheap knock-off of Snort paid for with taxpayer dollars.
The OISF was founded about a year and a half ago with $1 million in funding from a DHS cybersecurity research program, according to Matt Jonkman, president of OISF. He says OISF was founded to form an open source alternative and replacement to Snort, which he says is now considered dead since the research on what is supposed to be the next-generation version of Snort, Snort 3.0, has stalled."
Having been a Navy contractor in just this exact field, my experience with govt / military jobs indicates to me that this is a lot of stovepipe rooster crowing.
Self-important BS hype to justify the tax dollars and get the pats on the back. The positive comments here for this 1.5m hack of Snort are more than likely astroturfing. Up until now, I haven't even heard of Suricata.
Can someone provide a link where this has been debated in some mainstream IT circles as beta release candidates were released, etc.?
- Dan.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
.... is pretty much DOA.
Speaking as a security professional, we could REALLY use multi-threaded support in our Snort deployments, and the last time I heard 'multi-threaded support is just around the corner' was in 2008.
Right now, the fact that one Snort instance runs as one process linked to one interface in your Ethernet stack means that only one core can run it. And with us hitting the plateau in computing speed on a per-core basis, and traffic still increasing, multi-threaded support had better show up in the next couple of years at the latest or I'll have to find some other network-based IDS product, at least for some extreme instances.