[Snort-users] Professionalism

Joe Smith shadowm4n at ...131...
Tue Nov 13 14:40:02 EST 2001

Nothing quite like stirring the hornet's nest...

Based on many of the responses I've received, I get
the impression my point has been missed and/or I
didn't state it clearly enough.

My agenda is simple: make open-source more commonplace
in the corporate environment.  It's the same goal that
many in the open source community share, because it's
the only way to displace the current OS/Application
monarch, Mr. Bill Gates.  Many in the corporate world
have a very negative opinion of open source precisely
because of what I stated earlier regarding the
unprofessional nature of open source.  They will claim
that the code is "untrustworthy".  This doesn't mean
it doesn't work (or can be configured to work).  It
doesn't mean that the programmers are untrustworthy. 
Once again, it isn't the impropriety that's the
problem, it's the appearance of impropriety.  The
negative stigma will stay as long as this sort of
thing crops up.  Yes, I realize its idiotic for a VP
to disqualify a product only because of lubrication
references, but it does happen and it makes my job (ya
know, intrusion detection and all that fun stuff) that
much more difficult.

Yes, its free.  Yes, the classification.config file
can be sed/grepped to do exactly what you want.  And
yes, its the best thing out there (its superior to
every IDS I've tested, commercial or non).  All I'm
asking is for snort to make an effort to present a
more professional appearance so that corporate
acceptance is the default, not the exception.

--- Gordon Ewasiuk <gewasiuk at ...3392...> wrote:
> On Today, Phil Wood wrote:
> >Date: Tue, 13 Nov 2001 13:08:47 -0700
> >From: Phil Wood <cpw at ...440...>
> >To: Joe Smith <shadowm4n at ...131...>
> >Cc: snort-users at lists.sourceforge.net
> >Subject: Re: [Snort-users] Professionalism
> >
> >On Tue, Nov 13, 2001 at 09:54:31AM -0800, Joe Smith
> wrote:
> >> To the administrators of SNORT,
> >>
> >> An excerpt from "classification.config" from the
> most
> >> recent snort rules download.
> >
> >One thing that has not been over stated since the
> inception of
> >the "classification.config" file is the following:
> >
> >  As a snort administrator/installer you should
> edit classification.config
> >  to suit the policies of your organization.  At
> the same time, you should
> >  review the rules which you are including in your
> snort.conf file for
> >  appropriateness, and to verify their
> classification in relation to the
> >  changes you made to the classification.config
> file.  You should not use
> >  either the classification.config or rules out of
> the box.  To do so,
> >  is a dereliction of duty.
> Damn.  People get a commerical-grade IDS FOR FREE
> and are bitching about a
> simple pr0n rule?  Whoa.  WTF?  Hellooooo.  If you
> are that "offended" by
> SNORT, don't use it.  Go out and pay tens of
> thousands of dollars for
> some crap from McAfee, Cisco, or whoever.
> If not, and you enjoy the many, many features and
> benefits offered by
> SNORT, *FOR FREE*, then edit the rule and go about
> your business.
> -Gordo
> --------------------------------------------------
> Gordon Ewasiuk, Certifed Sun Fanatic,  Winstar VHC
> The REAL office number is here----->  703.893.4901
> Read the story about the #1 Unix Platform
> http://www.sun.com/software/cover/2001-1106
> -------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
> Snort-users list archive:

Do You Yahoo!?
Find the one for you at Yahoo! Personals

More information about the Snort-users mailing list