[Snort-users] Naming convention of Snort

Chris Green cmg at ...1935...
Wed Mar 13 10:11:02 EST 2002

Jason Hammerschmidt <Jason.Hammerschmidt at ...5298...> writes:

> Why name Snort a NIDS when it's really a Host based IDS..

It is a NIDS.

Host Based IDS generally refers to monitoring Host based events such
as process activity or the like.  

> often being used as an attempted NIDS via Ethernet taps/port
> mirroring.

Yes that's how one can use a NIDS 

> So I don't start a flame war, I'm assuming NIDS is an inline, 

Thats generally refered to as a Gateway or Active IDS

> or inband IDS at the point of an interconnection from one network to
> another (like a router/firewall/single transparent bridge).  Also,
> this is strictly a curiousity question, I very much like Snort.
> In various articles/docs, Snort is often referred to as lightweight, is 
> this only because it's non commercial?

I believe this is a FAQ but it comes from the fact that snort used to
not do much protocol inspection.  As more and more features are added,
its no longer being as relavant of a term other than terms of CPU
usage :-)
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.

More information about the Snort-users mailing list