[Snort-users] Snort 1.9 vs 2.0

Martin Roesch roesch at ...1935...
Fri Oct 11 07:18:05 EDT 2002


On Friday, October 11, 2002, at 10:03 AM, Hervé Debar wrote:

> Martin Roesch wrote:
>> No, let me explain.  Snort 1.9.0 was released last week.  The merge 
>> that we did last night is the basis of the Snort 2.0 development 
>> branch, basically Snort with several extensions that were developed 
>> at Sourcefire to enable us to hit gigabit speeds.  The Sourcefire 
>> extensions are open source and available under the GPL, just like the 
>> rest of Snort.  The only difference is that we spent several hundred 
>> thousand dollars on salaries, equipment and hard core research to 
>> bring this update to you instead of having me try to write it in my 
>> spare time. :)
>> The Snort 2.0-dev branch is the CVS HEAD now, the Sourcefire mods 
>> have been released into the open source domain as part of our 
>> "ethical contract" with the Open Source community to bring the best 
>> of commercial development contributions (money, test equipment, 
>> people who get paid to work on this stuff) with the best of the open 
>> source contributions (huge QA team, tight feedback between developers 
>> and users, continuous improvement of codebase).
>> I hope you guys will enjoy this monumental leap in performance that 
>> we've just contributed and that we can all continue to have fun and
>> make Snort the best IDS possible!
>
> So IIUC, snort-devel on snort.org is snort 2.0 on sourcefire, right?

Right, this is the sensor code that is the basis of the new Network 
Sensor 3000 from Sourcefire, our gigabit sensor.

> Am I right in assuming that the rule writing is also changing?

The rules language is maturing as we identify new methods to detect 
attacks more accurately/flexibly and develop language to describe the 
things that we're interested in.  The rules are changing to take 
advantage of the stateful analysis mechanisms that we have available 
now, but old rules should still work.

      -Marty


>
> Thanks,
>
> Hervé
> -- 
> Hervé Debar                <mailto:herve.debar at ...7137...>
> Tel: +33 (0)2 31 75 92 61               GSM: +33 (0)6 74 09 09 66
> France Télécom R&D                      Fax: +33 (0)2 31 75 93 13
> 42 rue des Coutures  (-/-)  BP 6243  (-/-)   F-14066 Caen Cedex 4
>
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




