[Snort-users] Snort 1.90 no Spade?
hoagland at ...47...
Sat Oct 5 13:20:02 EDT 2002
At 4:06 PM -0600 10/4/02, Shane Hickey wrote:
>I'm afraid I haven't read the list in quite some time, so I apologize if
>this has been answered. I checked the FAQ and the archives and didn't
>see mention of it. Anyway, I'm running Snort on RedHat installed from
>RPMs. It's always included Spade, but 1.90 doesn't seem to. Is there a
>reason for this, or was it an oversight.
I'm glad you asked. I provided a version of Spade for Snort 1.9
(somewhat enhanced over the version in Snort 1.8.7) to the Snort
developers on July 20, 2002. Since then, we have not received any
substantive feedback on it from anyone with commit privileges despite
repeated queries. So, regrettably, we are back to the model of
providing Spade as an add-on package. (This was the model prior to
Spade being incorporated in Snort with Snort 1.7.0.)
In the mean time, we've been making some significant enchantments to
Spade. These are nearly complete, so we'll release that version as
soon as it is ready (probably this Monday). It'll be available from
the Silicon Defense web site and probably also via Snortenstein.
If you can't wait, you can get the version I submitted on July 20:
>I found that I caught many
>intrusions that I wouldn't have seen otherwise when I was using Spade,
>although, I wish you could tell it to ignore certain source networks.
I'm glad you found it useful and I don't think you were alone. Is
there some specific reason you wanted to ignore certain sources?
(I'm trying to see if the problem has been addressed already.)
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users