[SPAM] - Re: [Snort-users] My Experience with the new Sourcefire VRT rules.. - Email found in subject

Marc Hering mhering at ...13116...
Tue Mar 8 12:22:17 EST 2005

Thanks for the update Martin,   I figured it was something like that,  I did the Alt-I in Firefox and didn't see the encryption....

I'll check back in in the next 24 hours.


Also, does VRT plan to have a "one off" download plan,,,IE a company doesn't want to pay a yearly subscription, but if a MAJOR worm comes out they can pay a one time fee and get the updated rules? 


-----Original Message-----
From: Martin Roesch [mailto:roesch at ...1935...] 
Sent: Tuesday, March 08, 2005 3:07 PM
To: Marc Hering
Cc: snort-users at lists.sourceforge.net
Subject: [SPAM] - Re: [Snort-users] My Experience with the new Sourcefire VRT rules.. - Email found in subject

Hi Marc,

We're dealing with a few last minute issues on our end, things should be solid in the next 24 hours or so.

The cert was made for sourcefire.com, not snort.org originally.  We're waiting on our cert from Thawte and it should be up today.  The site is encrypted even if the cert isn't "valid" for the domain, if you're in firefox you can hit <alt-i> to pull up site info and click on the Security tab to see if the site is cleartext or encrypted if you need to prove it to yourself.  We wouldn't expect you to transmit info in the clear obviously.

The subscription form has the rates in the first line of the form.  
It's $195/495/1795 per month/quarter/year respectively.  You need a free registration to subscribe.

We apologize for the rule lookup being inactive right now, we're working on it.


On Mar 8, 2005, at 1:19 PM, Marc Hering wrote:

> Well,
>  I know there has been a lot of debate over the new VRT Rules and 
> licensing methods from Sourcefire.  I was staying on the sidelines due 
> to my relative newness to Snort in general, but now that I have had 
> some interaction with the new website I wanted to let everyone know my 
> experiences..  This is just what happened to me, and I am not trying 
> to start any flame wars...so if you agree with me then great, if you 
> don't agree with me then great!
> Let me start out by saying that I personally don't have a problem with 
> what SF is doing,  After all, if I didn't want to pay I can still get 
> the rules 5 days later for free or write my own.  but since I need the 
> rules pretty fast (and I am not the best at writing rules..) I was ok 
> with paying the subscription fee.   So I mosey on over to snort.org 
> and try to sign up.
> Well, all I can say is that if you are like me and don't mind paying 
> the subscription, then GOOD LUCK!!  Finding the pricing is damn near 
> impossible, and when you follow the link to even sign up, it tries to 
> take you to a secure site THAT HAS AN INVALID CERTIFICATE! (the cert 
> is valid, but it doesn't protect snort.ort  it is for
> sourcefire.com)   then when I get to the signup page, firefox reports 
> that this site is not secure at all (even though it says https, there 
> is no encryption going on) Yean I'm gonna transmit info 
> plaintext..NOT!   And still no mention of how much it costs until 
> after you create an account.....  Oh and for all you ACID users out 
> there, I just found out that you can't do a rule lookup anymore even 
> if you are a subscriber ( In their defense, they DO say the rule 
> lookup function is forthcoming and I am sure some clever person will 
> write a patch eventually)
> I completely understand why Sourcefire is changing the way the rules 
> are distributed, and I support them in it after all, they do deserve 
> to get paid for hard work, however if they are going to make a change 
> like this that affects the whole snort community, then I would request 
> that they at least make sure that everything works before they put it 
> live!
> Thanks!
> </rant mode>
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Discover.  Determine.  Defend. - http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org

More information about the Snort-users mailing list