[Snort-users] RE: [Snort-devel] Re: RFC: Forking Snort

Bob Walder bwalder at ...1926...
Fri Jul 5 01:43:07 EDT 2002


As an outsider with no vested interests here I will chip in with my 0.02
(whatever that is worth at current USD/GBP exchange rates...)

Version 1.8.1 was the first version of Snort we included in our IDS Group
test - it was not the first version we had "looked at". However, even from
1.8.1 to 1.8.6 (the version we most recently tested - see www.nss.co.uk/ids)
we noted huge improvements in many aspects of the product. Improved
resistance to most IDS evasion techniques, some pretty useful stateful
reassembly with a session resync feature that is missing from a lot of
commercial products, some useful-looking protocol analysis preprocessors,
improved stability. And, of course, a huge improvement in the signature set.


More information about the Snort-users mailing list