[Snort-users] SPADE

Alex Butcher, ISC/ISYS Alex.Butcher at ...11254...
Tue Sep 14 02:26:19 EDT 2004

--On 14 September 2004 09:47 +0300 subway at ...12426... wrote:

> Hello,
> SPADE is Statistical Packet Anomaly Detection Engine for Snort. Does
> anyone know if it is still being developed?

I don't think so, no.

> The website http://www.silicondefence.com/ has disappeared and that's
> where SPADE was available.

Silicon Defense's assets were bought by Demarc.

> I know SPADE is also included in snort-2.2.0.tar.gz.

That doesn't appear to be the case. The latest version of SPADE appears to 
be included in the OS-SIM snort (src.)RPM. It patches cleanly into Snort 
2.2.0 and appears to work (though it needs a bit of patching to prevent 
snort segfaulting on plugin cleanup when run in -T mode).

> Another question: is there any paper available where techniques used by
> SPADE are described in detail?

RTFS ? ;-)

Best Regards,
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

More information about the Snort-users mailing list