[Snort-users] DoD plugin

Rich Smith Rich.Smith at ...1809...
Mon Apr 30 21:44:42 EDT 2001

Hash: SHA1

I installed Snort at an unnamed facility. They were happy with it,
although I think they required more eye candy. I used Snort 1.7

Whatever they are doing real-time has to be in an environment where
their bandwidth is damn small. I would like to see real-time display
at >100Mbs. ;)


- -----Original Message-----
From: Tech-X [mailto:domnick2 at ...125...]
Sent: Monday, April 30, 2001 7:44 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] DoD plugin

If my guess is correct, this is going to be similar to SHADOW. 
Shadow is an
IDS that was developed by Dahlgren Naval Surface Warfare Center and
has been
used on military installations all over the globe.  This has become a
dated, and I think they are tying to implement something very similar
SNORT instead of TCPDUMP.  Only time will tell exactly, but according
everything recently written by Stephen Northcutt of SANS, Snort is
the way
to go.  I also want to add that SHADOW was and still is a very good
program, but some things just need to be updated ;)

I'll keep everyone posted as I learn more.

> From: "Clifford, Shawn A" <shawn.a.clifford at ...178...>
> Subject: [Snort-users] DoD plugin?
> This was in the lastest SANS training email.  Does anyone know more
> about this plugin, whether it will become public, etc?  Is there
> already 
> similar available?
> -- Shawn
> --------------------------------------
> In the last SANS and GIAC update we talked about fighting back. 
> Thank you for all the responses, it turns out this is a hot theme. 
> You can see it in action on web pages like
> http://www.dshield.org/fightback.html
> http://www.mynetwatchman.com and www.incidents.org.
> The only thing missing is you if you aren't a contributor.  By the
> way, we are having trouble getting to word to Asia Pacific region
> ISPs. If you are in the Asia Pacific region and you are willing to
> help, would you please send the:
> - Name of your ISP
> - Their IP address range
> - Contact point for abuse or incidents to info at ...1940...
> ****************************************
> Information Security Heroes
> All of these "fight back" programs involve making sense of large
> volumes of data.  To do that we need techniques that allow for
> massive data reduction.  Lt. Stephen D. Donald USN, and Captain
> Robert V.  McMillen USMC, from the Naval Postgraduate School. 
> worked for months, 7 days a week, taking as little time for sleep
> as possible, building a new
> intrusion detection capability based on a Snort plugin. The tool,
> while still under development, provides a realtime, intuitive
> graphics display and is being used by analysts on operational DoD
> networks as one more capability to help defend networks and
> identify cyber- attacks for which there is no known signature. 
> This is a DoD project and I don't know if it will ever be available
> for the general population, but this is
> exactly the sort of progress that we, as a community, need to make.
> --------------------------------------
> > From: "shawn . moyer" <shawn at ...1184...>
> Cc: "snort-users (E-mail)" <snort-users at lists.sourceforge.net>
> Subject: Re: [Snort-users] DoD plugin?
> From the article:
> > This is a DoD project and I don't know if
> > it will ever be available for the general population, but this is
> > exactly the sort of progress that we, as a community, need to
> > make. 
> ifdef ZEALOT
> Actually, I'd say if it isn't shared, it's exactly the kind of
> progress we *don't* need to make.
> endif
> --shawn
> --
> s h a w n   m o y e r
> shawn at ...1184...

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>


More information about the Snort-users mailing list