[Snort-users] Snort getting RNA-like overhaul?

Keith W. McCammon keith-list at ...6015...
Mon May 24 07:25:05 EDT 2004


[Apologies if this is too "general discussion" for anyone's 
taste--please respond off-list if you don't care to muddy everyone's 
inbox with replies.]

I caught a headline on ZDNet this morning related to Marty's AusCERT 
seminar.  Bottom line: Marty made some mention of a potential overhaul 
of the Snort engine to support more RNA-like activities (basically 
taking Snort from the more traditional IDS space into the general 
policy-enforcement arena).

The article:
<http://www.zdnet.com.au/news/security/0,2000061744,39148508,00.htm>

DC SUG post from this AM:
<http://tinyurl.com/2v9xp>

Anyway, I was just curious what type of attention this has been getting 
within the more active Snort development and planning circles.  I know 
it's been discussed within Sourcefire, as well as on this list (in a 
more general sense), but I wasn't sure if anything was on paper.  I know 
it's a lot of work, so I'm specifically curious how Snort's existing 
framework would map simultaneously to policy-based specs as well as the 
traditional rules and inspection engine.

Again, more personal interest than anything else, so any comments, 
thoughts, detailed road map documentation welcome...

Cheers

Keith



