[Snort-users] re: Professionalism

Scott Pham spham at ...3115...
Thu Nov 15 12:50:02 EST 2001

I couldn't have said it better :)) Well put !!


-----Original Message-----
From: Joe Pampel [mailto:joe at ...3851...]
Sent: Wednesday, November 14, 2001 9:55 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] re: Professionalism

couple things from an ex-suit (who gets to dress casual these days).

<self-indulgent rambling>
1. Snort has made it *possible* for me to include IDS in my IT budget. I
"discovered" Snort at our firm,  and then architected and implemented a
multi-sensor IDS system using machines we were taking out of service
because I felt we needed to get on top of our security infrastructure by
any means available. No one else much cared so I had to do it on the
cheap. I put up an Apache web server with MySQL/ACID and bingo - I'm a
hero (additional thanks goes to Michael Steele and the good folks at SD
for their windoze 'how-to's' !!)  Thank you to all the developers,
writers, etc that made this possible!!! It's amazing. And within a week
of deployment it had already saved us from all sorts of things, in
addition to helping us find mis-configured workstations and routers on
our own LAN. I show it to every consultant or industry peer who comes to
see our IT set up. Everyone has been very impressed with Snort. I hope
they all roll it out in their shops. I think they're crazy if they

2.  FWIW I am mgt here (I have seen the enemy, and he is me!), only
report to 2 people in the whole joint, and frankly with the kinds of
things I've seen in CSS (OTS & custom) programs (ex: an operating error
message in a 6-figure piece of software called "error: bong!" which as
it turns out was completely undocumented...) leads me to feel that some
funky potentially off color ref deep in some dusty config file of an OSS
program doesn't mean a thing to me. MOF my install of Snort (just
re-vamped it a couple weeks ago) does not have this ref at all.  No one
else here knows what Snort is, or what it does for the most part, and no
one else configures it. While it does not bother me I also have to
concur that as a general rule I think OSS could do without this kind of
thing..  Code walk throughs and configuration tasks are often (I
imagine) the first impression many get of OSS software and so I would
trust that the tradition of careful commenting etc continues. I would
like to see OSS gain wider acceptance, not to overthrow any other firm
or whatever but simply bc I feel the model lends itself to potentially
*better* applications, faster bug fixes and a safer environment as
admins can view the code and know what is running on their machines. I
find great security & value in that. We are going to roll out more Linux
machines here as a result of all this, and bc it will double the
lifespan of our workstations and servers.. talk about a cost savings..
but anyhow - 

3. I just want to close by saying I am *very* thankful for OSS (esp
Snort!), and the good folks who put so much hard work into it for the
benefit of others.  I can only pity an organization which would
write-off a truly outstanding app like Snort for one little dumb comment
in a file somewhere buried where no one will likely ever see it.  That
is myopic to the extreme and is truly throwing out the baby IMHO. Do you
really think that the CSS apps are devoid of any odd comments or inside
jokes within their code? Not that it makes it right, just saying it is
everywhere and IMHO just a reflection of the long hours and stress that
programmers/coders endure to bring these things to life. They're human
beings after all. As for an organization that would terminate for such
an "offense", I would never work for one. I find that sort of policy
offensive not to mention oppressive.
</self-indulgent rambling>

Just my opinion, and worth what you paid for it. Hope I did not waste
too much BW on my soap box.


Joe Pampel
