[Snort-users] Naming convention of Snort
cmg at ...1935...
Wed Mar 13 10:11:02 EST 2002
Jason Hammerschmidt <Jason.Hammerschmidt at ...5298...> writes:
> Why name Snort a NIDS when it's really a Host based IDS..
It is a NIDS.
Host Based IDS generally refers to monitoring Host based events such
as process activity or the like.
> often being used as an attempted NIDS via Ethernet taps/port
Yes that's how one can use a NIDS
> So I don't start a flame war, I'm assuming NIDS is an inline,
Thats generally refered to as a Gateway or Active IDS
> or inband IDS at the point of an interconnection from one network to
> another (like a router/firewall/single transparent bridge). Also,
> this is strictly a curiousity question, I very much like Snort.
> In various articles/docs, Snort is often referred to as lightweight, is
> this only because it's non commercial?
I believe this is a FAQ but it comes from the fact that snort used to
not do much protocol inspection. As more and more features are added,
its no longer being as relavant of a term other than terms of CPU
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.
More information about the Snort-users