[Snort-users] My Experience with the new Sourcefire VRT rules..
Scott.Morris at ...13146...
Tue Mar 8 10:32:40 EST 2005
It is a new site so I'll give them slack there. However our
corporate counsel had apoplexy when he saw the license terms.
Particularly the granting access to books, records and facilities.
You will, from time to time and as requested by Sourcefire, provide
assurances to Sourcefire that you are using the VRT Certified Rules
consistent with a Permitted Use, and you grant Sourcefire access, at
reasonable times and in a reasonable manner, to the VRT Certified Rules
in your possession or control, and to your books, records and facilities
to permit Sourcefire to verify appropriate use of the VRT Certified
Rules and compliance with this Agreement.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Marc
Sent: Tuesday, March 08, 2005 1:20 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] My Experience with the new Sourcefire VRT
I know there has been a lot of debate over the new VRT Rules and
licensing methods from Sourcefire. I was staying on the sidelines due
to my relative newness to Snort in general, but now that I have had some
interaction with the new website I wanted to let everyone know my
experiences.. This is just what happened to me, and I am not trying to
start any flame wars...so if you agree with me then great, if you don't
agree with me then great!
Let me start out by saying that I personally don't have a
problem with what SF is doing, After all, if I didn't want to pay I can
still get the rules 5 days later for free or write my own. but since I
need the rules pretty fast (and I am not the best at writing rules..) I
was ok with paying the subscription fee. So I mosey on over to
snort.org and try to sign up.
Well, all I can say is that if you are like me and don't mind
paying the subscription, then GOOD LUCK!! Finding the pricing is damn
near impossible, and when you follow the link to even sign up, it tries
to take you to a secure site THAT HAS AN INVALID CERTIFICATE! (the cert
is valid, but it doesn't protect snort.ort it is for sourcefire.com)
then when I get to the signup page, firefox reports that this site is
not secure at all (even though it says https, there is no encryption
going on) Yean I'm gonna transmit info plaintext..NOT! And still no
mention of how much it costs until after you create an account..... Oh
and for all you ACID users out there, I just found out that you can't do
a rule lookup anymore even if you are a subscriber ( In their defense,
they DO say the rule lookup function is forthcoming and I am sure some
clever person will write a patch eventually)
I completely understand why Sourcefire is changing the way the
rules are distributed, and I support them in it after all, they do
deserve to get paid for hard work, however if they are going to make a
change like this that affects the whole snort community, then I would
request that they at least make sure that everything works before they
put it live!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users