[Snort-users] v2.8.4 incorrect logging to MySQL

Matt Watchinski mwatchinski at ...1935...
Tue Apr 14 21:55:26 EDT 2009


> If you don't quite understand the little story, do read some of the
> older snort mailing list entries to get a feel for how every signature
> contributed or otherwise is now licensed by Sourcefire.

Your statement is incorrect,

1.12.   "VRT Certified Rules" means specifically formulated network traffic
characteristics and instructions in text form, source code form or object code
form (including the structure, sequence, organization and syntax of such
network traffic characteristics), and all documentation related thereto, that
have been created, developed, tested and officially approved by Sourcefire.
These rules are designated with SIDs of 3,465 - 1,000,000.

So everything less than 3,465 is owned by whoever owns it, everything
else is owned by Sourcefire and was written by Sourcefire.

-matt


On Tue, Apr 14, 2009 at 4:36 PM, Loyal A Moses <loyalmoses at ...3027...> wrote:
>
> As I just said in an earlier mailing list response, it is open source
> until version 3.
>
> This is my original line of comments on the NEW direction Sourcefire
> was taking.
>
> http://archives.neohapsis.com/archives/snort/2007-07/0047.html
>
> The product itself is not at all the debate. Snort as a product is
> great, and I believe that Marty has done an excellent job developing
> the majority of what is quite obviously the worlds most widely used
> intrusion detection system.
>
> The argument on direction is one of open source vs. commercially
> owned. We've seen this a dozen or more times over.
>
> A little story...
>
> Jack is an open source buff who believes in free software for the
> world, so he builds and releases it GPL or equivalent. Then one day,
> he needs to feed his family from his open source fame, but doesn't
> have the rights to the software as he wants, because it was released
> open source and there are hundreds of contributors to the success of
> the application. So a simple little plan is hatched to slowly and ever
> so slightly change the licensing and take ownership of contributions
> and limit the use of these components, then create an all new version
> X that apparently is 100% written from the ground up with absolutely
> zero contributed code. Hmmmm...
>
> If you don't quite understand the little story, do read some of the
> older snort mailing list entries to get a feel for how every signature
> contributed or otherwise is now licensed by Sourcefire.
>
> As I said, they are going to do what they are going to do.
>
> On Apr 14, 2009, at 1:16 PM, Paul Schmehl wrote:
>
>> Sourcefire develops and provides snort, to the community, for free.
>> They do *not* develop ancilliary apps for free.  If you want a
>> coordinated, polished interface, you buy Sourcefire (as we have.)
>> If you want an open source build-your-own IDS, you install snort
>> *plus* whatever additional pieces you want.  It isn't Sourcefire's
>> responsibility to develop ancilliary tools for snort, although they
>> do some work in that area and encourage others to do it as well.
>>
>> As to your "we've seen it before" comment, I think you have to look
>> at the performance of Sourcefire since the company was established.
>> You would have to admit, then, that Marty has managed to sustain his
>> goal of continuous development of the open source product alongside
>> the proprietary one with a minimum of disruptions.  The only change
>> has been in the timing of rules releases, and that is a small price
>> to pay for such an accomplished product. Those rules are written by
>> Sourcefire engineers to serve their customers and provided to the
>> community free of charge, with a slight delay.
>>
>> I think that is commendable, and I thank Marty for his contributions
>> to the open source community and his sterling example of how to
>> maintain open source products while creating a commercially viable
>> company.
>>
>> Besides, you can always write your own rules or use emerging threats
>> and other sources for rules.
>>
>> As to whether it's smart to discuss development on a public list,
>> their source code is freely available.  It's kind of hard to hide
>> the direction of their development.
>>
>> --On Tuesday, April 14, 2009 14:35:33 -0500 Loyal A Moses <loyalmoses at ...846....3027...
>> > wrote:
>>
>>>
>>>
>>> Is Sourcefire limited on development skill or man power?
>>>
>>> It makes no sense at all to remove one of the most common facilities
>>> in use by snort users because it is "too complex".
>>>
>>> In the end, you'll do what you are going to do regardless of the
>>> community -- we've seen it before. But don't use "complexity" and
>>> "bugs" as the excuse.
>>>
>>> Sourcefire is a publicly traded company -- Is it smart to be taking
>>> votes on product development from a mailing list? I wouldn't think
>>> so.
>>>
>>> Loyal.
>>>
>>> On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:
>>>
>>>> I have an ulterior motive and it is simple.
>>>>
>>>> Many of the bugs and issues over time with snort have been in output
>>>> plugins. Make one well supported, tested, unified method designed
>>>> for
>>>> best performance and while doing so it improves the supportability
>>>> and
>>>> maintainability of the code base.
>>>>
>>>> On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses at ...3027...>
>>>> wrote:
>>>>> My vote is to provide as many output options as possible, to help
>>>>> keep
>>>>> snort used as a tool.
>>>>>
>>>>> The argument of code complexity being a good reason to remove
>>>>> output
>>>>> facilities is only valid if the code is written poorly and not
>>>>> modular. This wheel doesn't need re-invented and this
>>>>> conversation is
>>>>> kind of silly, unless there is ulterior motives for actually
>>>>> wanting
>>>>> to remove this support.
>>>>>
>>>>> Loyal.
>>>>>
>>>>> ---------------------------------------------------------------------------
>>>>> --- This SF.net email is sponsored by:
>>>>> High Quality Requirements in a Collaborative Environment.
>>>>> Download a free trial of Rational Requirements Composer Now!
>>>>> http://p.sf.net/sfu/www-ibm-com
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.net email is sponsored by:
>>> High Quality Requirements in a Collaborative Environment.
>>> Download a free trial of Rational Requirements Composer Now!
>>> http://p.sf.net/sfu/www-ibm-com
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>
>>
>> --
>> Paul Schmehl, Senior Infosec Analyst
>> As if it wasn't already obvious, my opinions
>> are my own and not those of my employer.
>> *******************************************
>> Check the headers before clicking on Reply.
>>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> High Quality Requirements in a Collaborative Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/




More information about the Snort-users mailing list