[Snort-users] Snort getting RNA-like overhaul?
Keith W. McCammon
keith-list at ...6015...
Mon May 24 07:25:05 EDT 2004

[Apologies if this is too "general discussion" for anyone's
taste--please respond off-list if you don't care to muddy everyone's
inbox with replies.]

I caught a headline on ZDNet this morning related to Marty's AusCERT
seminar. Bottom line: Marty made some mention of a potential overhaul
of the Snort engine to support more RNA-like activities (basically
taking Snort from the more traditional IDS space into the general
DC SUG post from this AM:

Anyway, I was just curious what type of attention this has been getting
within the more active Snort development and planning circles. I know
it's been discussed within Sourcefire, as well as on this list (in a
more general sense), but I wasn't sure if anything was on paper. I know
it's a lot of work, so I'm specifically curious how Snort's existing
framework would map simultaneously to policy-based specs as well as the
traditional rules and inspection engine.

Again, more personal interest than anything else, so any comments,
thoughts, detailed road map documentation welcome...