Re: ids inquisition

From: RJ H (huberrj@hotmail.com)
Date: 07/24/01


From: "RJ H" <huberrj@hotmail.com>
To: focus-ids@securityfocus.com
Subject: Re: ids inquisition
Date: Tue, 24 Jul 2001 12:48:58 +0000
Message-ID: <F135Pt0nlNFf82rPe4n000051d5@hotmail.com>

I did not state that snort is deficient in any way (yes, I use snort), that
Marty/snort have not contributed greatly to the community, or that that the
Sans course was bad (yes, I did attend) . Thanks for the flames though...

My point was, when you teach a course that utilizes a tool, that you then
bundle to make a commercial product, that ensures that you have a good user
base to start your commercial venture. In my mind (small as it may be),
this gives you an advantage over other vendors.

>From: Dr SuSE <drsuse@drsuse.org>
>To: <huberrj@hotmail.com>, focus-ids@securityfocus.com
>Subject: Re: ids inquisition
>Date: Tue, 24 Jul 2001 04:36:16 GMT
>
>I don't find that odd at all. Here is a list of things that I find odd.
>
>1. Marty gives Snort away for free.
>2. Marty spends more time developing Snort and helping Snort users than
>most
>people spend trying to get the AOL dialer uninstalled from their windows 95
>boxes.
>3. Marty has waited this long before coming out with a commercial product.
>4. If a bug is found in Snort, it is usually fixed the same day.
>5. Signatures for new exploits are out within a few hours..sometimes
>minutes.
>6. Snort users can get help from thousands of other Snort users for free.
>7. There are dozens of add-ons for Snort which have been developed by
>people
>all around the world and are available for FREE.
>
>The list goes on and on. Why dont you come and hang with us on #snort on
>the
>irc.openprojects.net server and see for yourself. You'll see Marty helping
>Snort users and accepting feature requests. You'll never see him trying to
>push the commercial product onto anyone.
>
>See ya there buddy!
>
>
>
>
> > Anyone else find it odd that the good folks behind Sourcefire, are also
> > instructors at the Sans IDS track? That's one way to create demand for
>a
> > product.
> > Why not Sans courses from multiple IDS vendors (ISS, Symantec, Cisco),
>ala
> > electives?
> >
> > > Sender: roesch@mail.sourcefire.com
>[mailto:roesch@mail.sourcefire.com
> > >]
> > >
> > > Subject: Re: ids inquisition
> > >
> > > We're targeting 100Mbps network capability with our initial
> > >OpenSnort
> > >
> > >...
> > > As soon as I hire some digital systems engineers to develop the
> > >hardware
> > >
> > > we'll handle real gigabit too....
> > >
> > > -Marty
> > >
> > > However, even with high speed NPU and digital chips,
> > >
> > > doing pattern matching in wire speed is not a feasible task.
> > >
> > >
> > > Roger
> > >
> > >Oh ye of little faith! I remember when 16K of memory was a huge
> > >amount,
> > >
> > >then 64K, who would ever need more than 64K... woops 640K,
> > >1Meg. Now my
> > >
> > >system has a whopping Gig of memory.
> > >
> > >
> > >
> > >We are talking 6 orders of magnitude more memory in less than 20
> > >years.
> > >
> > >So now we say we're hitting the quantam
> > >barrier. HA. One of the things
> > >
> > >we seem to do best is to find a way to skirt the barriers. And
> > >so I say
> > >
> > >pattern matching in Gig IDS is feasable. It's a matter of time
> > >and
> > >
> > >engineering. Of course by that time we may find better ways to
> > >deal
> > >
> > >with
> > >
> > >IDS.
> > >
> > >One of my favorite sayings is "Those who say it can't be done are being
> > >passed up by those doing it" or some such.
> > >--------------------------------------------------------------
> > >
> > >James P
> > >Kirk
> > >| email: jp.kirk@erols.com
> > >
> > >--------------------------------------------------------------
> >
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at
>http://explorer.msn.com/intl.asp
> >
>
>
>Score my PGP key @
>http://www.drsuse.org/pks
>
>---------------------------------------------
>Microsoft ist nicht installiert.
>http://www.drsuse.org/
>
>

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp