amerikanjunkie
Most Hated Asylumite

Registered: Aug 2000
Location: Los Dallos, TX
Posts: 1766

SNORT: The Future (as stated by Marty Roesch)

March 21st, 2006 by cvcrud

So today I attended a talk by the creator of Snort, Martin “Marty” Roesch, at the University of Texas at Dallas. The talk was entitled “Snort: Past, Present, and Future”. It was a very interesting talk and dialog, given that the audience was in no way dumbed down, and the topic of the future of Snort was the first time any information was revealed to the public about what the future of Snort holds.

So what is the future of Snort? SNORT X

* Target Based Intrusion Detection
* Automatic “SMART” Tuning of Snort Rules and Configuration
* Dynamic Configuration
* Taking advantage of CPU Architecture

What is Target Based Intrusion Detection?

In a sense, it's allowing Snort the advantage of knowing the specifics about the machine behind the IP. If Snort had the ability to know the architecture, OS, protocols, etc. of the machine that was being targeted, it could effectively know which rule sets to apply to which IP, thus taking quite a bit of load off the system, plus optimizing the abilities of Snort to better catch and handle the attacks. This also leads us to the solution of SMART Tuning. When Target Based IDS is introduced, you will no longer need to “tune” your Snort machine. Lots of people go about day to day with an incorrectly configured Snort machine, falsely thinking they are OK due to their lack of knowledge of Snort. Target Based IDS, as designed by Marty Roesch, will effectively take care of that.

Dynamic Configuration?

Who wants or needs to take down their Snort system every time they need to load a new ruleset? No one WANTS to, but currently you are FORCED to. This will be no more.

Taking Advantage of CPU Architecture?

Sure, why not? Why not take advantage of the various instructions contained within the various CPUs? It couldn't possibly make things worse… or could it?


*** NOTE: I have scored an exclusive interview with Marty for my Linux blog. Look for it in the near future on my blog.

__________________
Welcome to the real world, where bees sting, pain hurts, and bridges burn.

Old Post 03-22-2006 01:07 AM
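The target-based idea summarized in the post above, as an added Python sketch that is not part of the thread and not Snort's code: rules carry the OS and service they apply to, and a per-IP host profile decides which rules are evaluated at all. The rule IDs, host table, field names and payloads are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sid: int         # constructed id, not a real Snort SID
    msg: str
    os: str          # OS the attack applies to, or "any"
    port: int        # destination service port
    pattern: bytes   # payload content to look for

@dataclass(frozen=True)
class Host:
    os: str
    services: frozenset  # ports known to be listening

# Constructed sample rules and host profiles (hypothetical data).
RULES = [
    Rule(900001, "Windows-style encoded traversal", "windows", 80, b"..%5c"),
    Rule(900002, "Unix passwd file request", "linux", 80, b"/etc/passwd"),
    Rule(900003, "Oversized FTP USER argument", "any", 21, b"USER " + b"A" * 64),
]
HOSTS = {
    "10.0.0.5": Host("linux", frozenset({22, 80})),
    "10.0.0.9": Host("windows", frozenset({21, 80})),
}

def rules_for(dst_ip, dst_port, rules=RULES, hosts=HOSTS):
    """Select the rules worth evaluating for traffic to dst_ip:dst_port."""
    host = hosts.get(dst_ip)
    if host is None:
        # No profile for this target: fall back to every rule for the port
        # rather than silently skipping detection.
        return [r for r in rules if r.port == dst_port]
    if dst_port not in host.services:
        # No known listener; this assumes the profile is current.
        return []
    return [r for r in rules
            if r.port == dst_port and r.os in ("any", host.os)]

def inspect(dst_ip, dst_port, payload):
    """Return the ids of the selected rules whose pattern is in payload."""
    return [r.sid for r in rules_for(dst_ip, dst_port) if r.pattern in payload]
```

The same traversal request alerts against the Windows host and an unprofiled host but not against the Linux host, which is the load and false-positive reduction the post describes; a stale host profile is the corresponding blind spot.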
squee
the amen break

Registered: Jul 2001
Location: Norfolk, VA
Posts: 4735

I've had a coupla beers with Marty. Nice guy. Too bad Sourcefire isn't going anywhere. Navy chose McAfee over Sourcefire because, apparently, managing a few hundred snort boxes is not as easy as managing Intrushield boxes. I called shenanigans but apparently it's true.

__________________
What does polite society know of the secret hearts of men?
What shows the shuttered window but all the evil you can imagine?

Old Post 03-22-2006 11:42 PM
amerikanjunkie
Most Hated Asylumite

Registered: Aug 2000
Location: Los Dallos, TX
Posts: 1766

Just because Sourcefire lost one contract does not mean they aren't going anywhere. Actually a much larger company is about to acquire Sourcefire (leaving execs in place).

__________________
Welcome to the real world, where bees sting, pain hurts, and bridges burn.

Old Post 03-23-2006 01:42 PM
Smug Git
Arrogance Personified

Registered: Aug 2001
Location: Hilbert Space
Posts: 35776

Assuming that it doesn't just turn into an IP acquisition.

__________________
I want to live and I want to love
I want to catch something that I might be ashamed of

Old Post 03-23-2006 01:48 PM
amerikanjunkie
Most Hated Asylumite

Registered: Aug 2000
Location: Los Dallos, TX
Posts: 1766

It's actually a foreign capitalist company. Apparently the same group that brokered the Dubai ports deal is the same group in charge of brokering the deal with Sourcefire.

__________________
Welcome to the real world, where bees sting, pain hurts, and bridges burn.

Old Post 03-23-2006 02:07 PM
Smug Git
Arrogance Personified

Registered: Aug 2001
Location: Hilbert Space
Posts: 35776

That wouldn't particularly reassure me, in that it could still be the IP that they're after.

I wonder if there are export restrictions on Sourcefire products.

__________________
I want to live and I want to love
I want to catch something that I might be ashamed of

Old Post 03-23-2006 02:17 PM
amerikanjunkie
Most Hated Asylumite

Registered: Aug 2000
Location: Los Dallos, TX
Posts: 1766

I doubt it unless there is just some highly advanced military used algorithm in their product... but you never know, as a lot of the encryption technology isn't supposed to be exported. (Who the hell uses Blowfish anyway?)

__________________
Welcome to the real world, where bees sting, pain hurts, and bridges burn.

Old Post 03-23-2006 03:16 PM
Smug Git
Arrogance Personified

Registered: Aug 2001
Location: Hilbert Space
Posts: 35776

Not sure if general IT security-related technologies are covered by the export restrictions or not.

__________________
I want to live and I want to love
I want to catch something that I might be ashamed of

Old Post 03-23-2006 03:41 PM
Goatboy
the anticlimax

Registered: Jul 2000
Location: A New England
Posts: 9187

They are.

__________________
Arbeit Macht Frei

Old Post 03-23-2006 04:16 PM
squee
the amen break

Registered: Jul 2001
Location: Norfolk, VA
Posts: 4735

Eh, it's not just that they lost one contract. They were unable to get a contract with any large government department, from what I understand (I could be wrong).

It seems as if he is having trouble selling his idea to Management, even though all the people actually doing IT security know that snort is a superior product to, say, Intrushield or NetRanger.

I don't think any export restrictions will hold up so long as snort remains OSS. It's not as if those dastardly Israelis can slip something in when anyone in the world can see the source.

__________________
What does polite society know of the secret hearts of men?
What shows the shuttered window but all the evil you can imagine?

Old Post 03-25-2006 10:21 PM
Large Filipino
Fuck me hard in my arse.

Registered: Feb 2004
Location: in colorado somewhere!
Posts: 26669

I bet he would dumb ME down.

__________________
FUCK YOU YOU FUCKING FUCK FUCKER EEEEEEEEEEE!!!

Old Post 03-25-2006 10:25 PM