[Snort-sigs] Re:Did anyone else notice...?

Bob Walder bwalder at ...636...
Mon Jun 17 01:16:05 EDT 2002

We tested RealSecure 7.0 recently and played with the Trons feature. In no
way is it intended as "competition" for Snort - the performance would suck
if you tried to load the entire rule set and it does not support any of the
preprocessors (thus can be evaded in various ways until they harmonise the
parsing path in the RealSecure PAM).

HOWEVER - as a means of adding custom sigs quickly and easily to RealSecure
it does a pretty good job.

NOW - the Snort community could get all precious about this and vilify ISS
for "stealing" the Snort rule set (a bit strong!), OR we could look on this
as a huge endorsement of the Snort "language" and look forward to all the
benefits that widespread use and adoption of the Snort rule set will bring
in the future....

IMHO, this is A Good Thing! (As long as ISS doesn't start to try and
introduce "non-standard" features into Trons, of course!)


Bob Walder
The NSS Group

PS Please note that Edition 3 of our IDS report which includes the
RealSecure 7.0 review will not be published on our site until June 30 - the
version that is up there at present is STILL VERSION 2, for those of you who
have already downloaded

>> -----Original Message-----
>> From: snort-sigs-admin at lists.sourceforge.net
>> [mailto:snort-sigs-admin at lists.sourceforge.net]On Behalf Of
>> counter.spy at ...52...
>> Sent: 17 June 2002 08:27
>> To: snort-sigs at lists.sourceforge.net
>> Subject: [Snort-sigs] Re:Did anyone else notice...?
>> I have a completely different question regarding trons:
>> Snort is an opensource IDS. What about the sigs?
>> Aren't they under GPL as well? What about reusing data formats
>> of opensource systems for commercial use.
>> Shouldn't all derived software and all software that uses parts
>> of an opensource software, be it sourcecode or dataformats,
>> have to become opensource, too?
>> I am just curious, I don't want to set the dogs on, even if I
>> don't like the way ISS praises the TRONS feature.
>> A SR who visited us had a grin on his face which was meant to look
>> clever when he told us:
>> "Not that snort is a competitor we would fear, matter-of-factly we
>> are actually profiting on snort."
>> Another thing is that since TRONS is officially out, the link to the
>> TRONS FAQ on robertgrahams site has vanished. However still seems to
>> be active, I was able to find it in google. Strange, isn't it. Even
>> more since the FAQ was much more down-to-earth than the sales song and
>> dance. The CTO himself told that the feature compares poorly to snort,
>> provides by no means a full integration of snortrules into BlackICE
>> and would be easily evaded by fragroute and other tools.
>> Since TRONS is out officially I have read no new facts 'bout this
>> feature. Anybody knowing facts about the current TRONS?
>> Curious,
>> Detmar
>> >Message: 3
>> >Subject: Re: [Snort-sigs] Did anyone else notice...?
>> >To: Jim Becher <jim at ...632...>
>> >Date: Fri, 14 Jun 2002 18:15:21 -0400 (EDT)
>> >CC: snort-sigs at lists.sourceforge.net
>> >From: Michael Scheidell <scheidell at ...249...>
>> >
>> >Interesting.. they bash snort, and a year later say 'we are better
>> >because we can use snort sigs'..
>> >
>> >'http://bvlive01.iss.net/issEn/delivery/prdetail.jsp?type=&o
>Standard User Defined Signatures . In addition to its advanced analysis
>engine,... now has the ability to import most of
>the published rules from Snort, an open-source intrusion detection system.
>Users can now take advantage of Internet Security Systems. X-Press
>Updates. and publicly posted open-source rules. This new feature also
>enables companies to leverage their experience with unsupported
>network-based intrusion detection systems and upgrade to a commercially
>available, fully supported family of protection products without new
>training for signature updates.

GMX - The communication platform on the Internet.



Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
