[Snort-users] DoD plugin?

Ofir Arkin ofir at ...949...
Thu May 3 02:51:01 EDT 2001

Dahlgren Naval Surface Warfare Center which developed SHADOW is now working
on the next version.
SNORT is to replace TCPDUMP.

Ofir Arkin [ofir at ...949...]
The Sys-Security Group
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Clifford, Shawn
Sent: Monday, April 30, 2001 7:32 AM
To: snort-users (E-mail)
Subject: [Snort-users] DoD plugin?

This was in the lastest SANS training email.  Does anyone know more about
this plugin, whether it will become public, etc?  Is there already something
similar available?

-- Shawn

In the last SANS and GIAC update we talked about fighting back.  Thank
you for all the responses, it turns out this is a hot theme.  You can
see it in action on web pages like
http://www.mynetwatchman.com and www.incidents.org.
The only thing missing is you if you aren't a contributor.  By the way,
we are having trouble getting to word to Asia Pacific region ISPs. If
you are in the Asia Pacific region and you are willing to help, would
you please send the:
- Name of your ISP
- Their IP address range
- Contact point for abuse or incidents to info at ...1940...

Information Security Heroes

All of these "fight back" programs involve making sense of large volumes
of data.  To do that we need techniques that allow for massive data
reduction.  Lt. Stephen D. Donald USN, and Captain Robert V.  McMillen
USMC, from the Naval Postgraduate School.  worked for months, 7 days a
week, taking as little time for sleep as possible, building a new
intrusion detection capability based on a Snort plugin. The tool, while
still under development, provides a realtime, intuitive graphics display
and is being used by analysts on operational DoD networks as one more
capability to help defend networks and identify cyber- attacks for which
there is no known signature.  This is a DoD project and I don't know if
it will ever be available for the general population, but this is
exactly the sort of progress that we, as a community, need to make.

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list